?
Solved

Event 7 in KDC and server stops authenticating.

Posted on 2007-03-26
11
Medium Priority
?
4,577 Views
Last Modified: 2012-05-05
Hello,
I am having problems with my windows2003 SBS. every few days, I get the following errors in the event log and the server stops authenticating users:

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.

Any ideas of what couldbe causing this?
0
Comment
Question by:ymash
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
11 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18796526
Have you recently tried to change a password on an administrative account?
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a tolken or 'ticket' distributed between server and client.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18796547
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
0
 
LVL 1

Author Comment

by:ymash
ID: 18797121
Hello,
TO give you more background about the environemnt. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus out break (could be related). I've had many problems with this server ever since the virus out break. Could this be caused by a virus on the client machines? THere are 2 users that I see with this error message everytime and the server stops working right after.
here is the output of the netdiag:


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing Kerberos authentication... Passed

    Tests complete.


    Computer Name: CALREAL-1
    DNS Host Name: CALREAL-1.calreal.com
    DNS Domain Name: calreal.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB925398_WMP64
           Yes          KB931836
           Yes          Q147222
           No           ServicePackUninstall


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    05:50:25
    Media Speed:                     100 Mbps

    Packets Sent:                    624026
    Bytes Sent (Optional):           0

    Packets Received:                435808
    Directed Pkts Recd (Optional):   423179
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Server Local Area Connection
        Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : CALREAL
    Dns domain name. . . . . . . . : calreal.com
    Dns forest name. . . . . . . . : calreal.com
    Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
    Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : CALREAL


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
    1 NetBt transport currently configured.


Kerberos test. . . . . . . . . . . : Passed

    Find DC in domain 'CALREAL':
    Found this DC in domain 'CALREAL':
        DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
        Address . . . . . . . . : \\192.168.1.200
        Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
        Domain Name . . . . . . : calreal.com
        Forest Name . . . . . . : calreal.com
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
    Cached Tickets:


The command completed successfully


thanks,
Yanal
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 3

Expert Comment

by:fpthree
ID: 18802058
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18802072
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
0
 
LVL 1

Author Comment

by:ymash
ID: 18805481
the workstation that is causing issues is a windows2000 pro machine. I have cisco VPN, it doesn't use certificates and I RDP to the server using a windowsXP pro machine.
0
 
LVL 1

Author Comment

by:ymash
ID: 18848187
I'm still having this issue. does anyone have any other suggestions?
0
 
LVL 1

Author Comment

by:ymash
ID: 19796332
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20294324
PAQed with points refunded (250)

Computer101
EE Admin
0
 
LVL 1

Author Comment

by:ymash
ID: 20296341
Thanks.
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question