Solved

Event 7 in KDC and server stops authenticating.

Posted on 2007-03-26
11
4,372 Views
Last Modified: 2012-05-05
Hello,
I am having problems with my windows2003 SBS. every few days, I get the following errors in the event log and the server stops authenticating users:

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.

Any ideas of what couldbe causing this?
0
Comment
Question by:ymash
  • 5
  • 4
11 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18796526
Have you recently tried to change a password on an administrative account?
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a tolken or 'ticket' distributed between server and client.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18796547
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
0
 
LVL 1

Author Comment

by:ymash
ID: 18797121
Hello,
TO give you more background about the environemnt. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus out break (could be related). I've had many problems with this server ever since the virus out break. Could this be caused by a virus on the client machines? THere are 2 users that I see with this error message everytime and the server stops working right after.
here is the output of the netdiag:


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing Kerberos authentication... Passed

    Tests complete.


    Computer Name: CALREAL-1
    DNS Host Name: CALREAL-1.calreal.com
    DNS Domain Name: calreal.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB925398_WMP64
           Yes          KB931836
           Yes          Q147222
           No           ServicePackUninstall


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    05:50:25
    Media Speed:                     100 Mbps

    Packets Sent:                    624026
    Bytes Sent (Optional):           0

    Packets Received:                435808
    Directed Pkts Recd (Optional):   423179
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Server Local Area Connection
        Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : CALREAL
    Dns domain name. . . . . . . . : calreal.com
    Dns forest name. . . . . . . . : calreal.com
    Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
    Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : CALREAL


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
    1 NetBt transport currently configured.


Kerberos test. . . . . . . . . . . : Passed

    Find DC in domain 'CALREAL':
    Found this DC in domain 'CALREAL':
        DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
        Address . . . . . . . . : \\192.168.1.200
        Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
        Domain Name . . . . . . : calreal.com
        Forest Name . . . . . . : calreal.com
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
    Cached Tickets:


The command completed successfully


thanks,
Yanal
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 3

Expert Comment

by:fpthree
ID: 18802058
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18802072
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
0
 
LVL 1

Author Comment

by:ymash
ID: 18805481
the workstation that is causing issues is a windows2000 pro machine. I have cisco VPN, it doesn't use certificates and I RDP to the server using a windowsXP pro machine.
0
 
LVL 1

Author Comment

by:ymash
ID: 18848187
I'm still having this issue. does anyone have any other suggestions?
0
 
LVL 1

Author Comment

by:ymash
ID: 19796332
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20294324
PAQed with points refunded (250)

Computer101
EE Admin
0
 
LVL 1

Author Comment

by:ymash
ID: 20296341
Thanks.
0

Featured Post

3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
If you get continual lockouts after changing your Active Directory password, there are several possible reasons.  Two of the most common are using other devices to access your email and stored passwords in the credential manager of windows.
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question