Event 7 in KDC and server stops authenticating.

Hello,
I am having problems with my windows2003 SBS. every few days, I get the following errors in the event log and the server stops authenticating users:

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.

Any ideas of what couldbe causing this?
LVL 1
ymashAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

fpthreeCommented:
Have you recently tried to change a password on an administrative account?
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a tolken or 'ticket' distributed between server and client.
0
fpthreeCommented:
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
0
ymashAuthor Commented:
Hello,
TO give you more background about the environemnt. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus out break (could be related). I've had many problems with this server ever since the virus out break. Could this be caused by a virus on the client machines? THere are 2 users that I see with this error message everytime and the server stops working right after.
here is the output of the netdiag:


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing Kerberos authentication... Passed

    Tests complete.


    Computer Name: CALREAL-1
    DNS Host Name: CALREAL-1.calreal.com
    DNS Domain Name: calreal.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB925398_WMP64
           Yes          KB931836
           Yes          Q147222
           No           ServicePackUninstall


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    05:50:25
    Media Speed:                     100 Mbps

    Packets Sent:                    624026
    Bytes Sent (Optional):           0

    Packets Received:                435808
    Directed Pkts Recd (Optional):   423179
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Server Local Area Connection
        Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : CALREAL
    Dns domain name. . . . . . . . : calreal.com
    Dns forest name. . . . . . . . : calreal.com
    Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
    Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : CALREAL


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
    1 NetBt transport currently configured.


Kerberos test. . . . . . . . . . . : Passed

    Find DC in domain 'CALREAL':
    Found this DC in domain 'CALREAL':
        DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
        Address . . . . . . . . : \\192.168.1.200
        Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
        Domain Name . . . . . . : calreal.com
        Forest Name . . . . . . : calreal.com
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
    Cached Tickets:


The command completed successfully


thanks,
Yanal
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

fpthreeCommented:
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
0
fpthreeCommented:
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
0
ymashAuthor Commented:
the workstation that is causing issues is a windows2000 pro machine. I have cisco VPN, it doesn't use certificates and I RDP to the server using a windowsXP pro machine.
0
ymashAuthor Commented:
I'm still having this issue. does anyone have any other suggestions?
0
ymashAuthor Commented:
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
0
Computer101Commented:
PAQed with points refunded (250)

Computer101
EE Admin
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ymashAuthor Commented:
Thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.