ymash
asked on
Event 7 in KDC and server stops authenticating.
Hello,
I am having problems with my Windows 2003 SBS. Every few days, I get the following errors in the event log and the server stops authenticating users:
Event 7
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.
Event 7
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.
Any ideas of what could be causing this?
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
ASKER
Hello,
To give you more background about the environment. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus outbreak (could be related). I've had many problems with this server ever since the virus outbreak. Could this be caused by a virus on the client machines? There are 2 users that I see with this error message every time and the server stops working right after.
Here is the output of the netdiag:
Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing Kerberos authentication... Passed
Tests complete.
Computer Name: CALREAL-1
DNS Host Name: CALREAL-1.calreal.com
DNS Domain Name: calreal.com
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
Hotfixes :
Installed? Name
Yes KB925398_WMP64
Yes KB931836
Yes Q147222
No ServicePackUninstall
Netcard queries test . . . . . . . : Passed
Information of Netcard drivers:
-------------------------- ---------- ---------- ---------- ---------- ---------
Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
Media State: Connected
Device State: Connected
Connect Time: 05:50:25
Media Speed: 100 Mbps
Packets Sent: 624026
Bytes Sent (Optional): 0
Packets Received: 435808
Directed Pkts Recd (Optional): 423179
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0
-------------------------- ---------- ---------- ---------- ---------- ---------
[PASS] - At least one netcard is in the 'Connected' state.
Per interface results:
Adapter : Server Local Area Connection
Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
Netcard queries test . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : CALREAL
Dns domain name. . . . . . . . : calreal.com
Dns forest name. . . . . . . . : calreal.com
Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
Logon User . . . . . . . . . . : administrator
Logon Domain . . . . . . . . . : CALREAL
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
1 NetBt transport currently configured.
Kerberos test. . . . . . . . . . . : Passed
Find DC in domain 'CALREAL':
Found this DC in domain 'CALREAL':
DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
Address . . . . . . . . : \\192.168.1.200
Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
Domain Name . . . . . . : calreal.com
Forest Name . . . . . . : calreal.com
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
Cached Tickets:
The command completed successfully
Thanks,
Yanal
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
ASKER
The workstation that is causing issues is a Windows 2000 Pro machine. I have Cisco VPN; it doesn't use certificates, and I RDP to the server using a Windows XP Pro machine.
ASKER
I'm still having this issue. Does anyone have any other suggestions?
ASKER
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
ASKER
Thanks.
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a token or 'ticket' distributed between server and client.
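The question reports that the same two accounts appear in Event 7 each time before authentication stops. As an added example (not from the thread or from Microsoft), this Python script groups exported Event 7 messages into bursts and lists the accounts present in every burst; the tab-separated export layout, the sample accounts and timestamps, and the 30-minute gap are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Message layout taken from the Event 7 text quoted in the question.
EVENT7_RE = re.compile(
    r"failed a KDC request in an unexpected way\..*?"
    r"The account name was (?P<account>\S+) and lookup type (?P<lookup>0x[0-9A-Fa-f]+)")

# Constructed sample (not from the thread): "timestamp<TAB>event id<TAB>message".
_MSG = ("The Security Account Manager failed a KDC request in an unexpected way. "
        "The error is in the data field. The account name was {} and lookup type {}.")
SAMPLE_EXPORT = "\n".join([
    "2008-03-03 09:14:02\t7\t" + _MSG.format("PC07$@EXAMPLE.COM", "0x28"),
    "2008-03-03 09:14:05\t7\t" + _MSG.format("jdoe", "0x8"),
    "2008-03-03 09:20:00\t26\tSome unrelated event text.",
    "2008-03-06 16:40:11\t7\t" + _MSG.format("pc07$@example.com", "0x28"),
    "2008-03-06 16:40:12\t7\t" + _MSG.format("jdoe", "0x8"),
    "2008-03-06 16:41:30\t7\t" + _MSG.format("asmith", "0x8"),
])

def parse_event7(export_text):
    """Return sorted (time, account, is_machine, lookup_type) per Event 7 line."""
    events = []
    for line in export_text.splitlines():
        parts = line.split("\t", 2)
        m = EVENT7_RE.search(parts[2]) if len(parts) == 3 and parts[1] == "7" else None
        if not m:
            continue  # other event IDs, or an Event 7 with a different message
        account = m.group("account").lower()
        is_machine = account.split("@")[0].endswith("$")  # trailing $ = computer account
        when = datetime.strptime(parts[0], "%Y-%m-%d %H:%M:%S")
        events.append((when, account, is_machine, m.group("lookup").lower()))
    return sorted(events)

def split_bursts(events, gap=timedelta(minutes=30)):
    """Group time-sorted events into bursts separated by more than `gap`."""
    bursts = []
    for ev in events:
        if bursts and ev[0] - bursts[-1][-1][0] <= gap:
            bursts[-1].append(ev)
        else:
            bursts.append([ev])
    return bursts

def accounts_in_every_burst(bursts):
    """Accounts seen in all bursts: the clients to examine first."""
    seen = Counter(acct for b in bursts for acct in {e[1] for e in b})
    return sorted(a for a, n in seen.items() if n == len(bursts))
```

Comparing the start time of each burst with the time users reported logon failures shows whether the recurring accounts precede the outage or merely accompany it.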