[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Event 7 in KDC and server stops authenticating.

Posted on 2007-03-26
11
Medium Priority
?
4,753 Views
Last Modified: 2012-05-05
Hello,
I am having problems with my windows2003 SBS. every few days, I get the following errors in the event log and the server stops authenticating users:

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxx$@xxxx.COM and lookup type 0x28.

Event 7

The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was xxxxx and lookup type 0x8.

Any ideas of what couldbe causing this?
0
Comment
Question by:ymash
  • 5
  • 4
10 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18796526
Have you recently tried to change a password on an administrative account?
Possibly an account that was used on a server to install software & services?
Or maybe a product attempting to authenticate to your servers AD? Someone such as IBM iSeries/AS400 would own a product that uses Kerberos to authenticate with AD.
KDC is Key Distribution Center (AD uses Kerberos). It's a tolken or 'ticket' distributed between server and client.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18796547
You may want to run Netdiag (netdiag /test:kerberos /v) and DCdiag and check for Kerberos consistency. Post the results and we'll go from there.
0
 
LVL 1

Author Comment

by:ymash
ID: 18797121
Hello,
TO give you more background about the environemnt. This is a small business server, it is the only server on the network, and a few months ago we had a huge virus out break (could be related). I've had many problems with this server ever since the virus out break. Could this be caused by a virus on the client machines? THere are 2 users that I see with this error message everytime and the server stops working right after.
here is the output of the netdiag:


    Gathering IPX configuration information.
    Querying status of the Netcard drivers... Passed
    Testing Domain membership... Passed
    Gathering NetBT configuration information.
    Testing Kerberos authentication... Passed

    Tests complete.


    Computer Name: CALREAL-1
    DNS Host Name: CALREAL-1.calreal.com
    DNS Domain Name: calreal.com
    System info : Microsoft Windows Server 2003 (Build 3790)
    Processor : x86 Family 6 Model 15 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB925398_WMP64
           Yes          KB931836
           Yes          Q147222
           No           ServicePackUninstall


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
    Device: \DEVICE\{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    05:50:25
    Media Speed:                     100 Mbps

    Packets Sent:                    624026
    Bytes Sent (Optional):           0

    Packets Received:                435808
    Directed Pkts Recd (Optional):   423179
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Server Local Area Connection
        Adapter ID . . . . . . . . : {2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : CALREAL
    Dns domain name. . . . . . . . : calreal.com
    Dns forest name. . . . . . . . : calreal.com
    Domain Guid. . . . . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
    Domain Sid . . . . . . . . . . : S-1-5-21-3550455975-2051905957-2350562184
    Logon User . . . . . . . . . . : administrator
    Logon Domain . . . . . . . . . : CALREAL


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{2B62ABE6-33C7-4E59-A0A7-908A1F4D1D8D}
    1 NetBt transport currently configured.


Kerberos test. . . . . . . . . . . : Passed

    Find DC in domain 'CALREAL':
    Found this DC in domain 'CALREAL':
        DC. . . . . . . . . . . : \\CALREAL-1.calreal.com
        Address . . . . . . . . : \\192.168.1.200
        Domain Guid . . . . . . : {4882F59D-A8DD-41F7-9A0B-3F1EC97EB119}
        Domain Name . . . . . . : calreal.com
        Forest Name . . . . . . : calreal.com
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
    Cached Tickets:


The command completed successfully


thanks,
Yanal
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
LVL 3

Expert Comment

by:fpthree
ID: 18802058
Well it doesn't appear as though it's AD, DNS, or Kerberos related. And you don't have any active or cached certificates. Is it possible that these workstations are using certificates of some sort?
Possibly WinXP workstations with IIS installed?
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18802072
Do you use these workstations for RDP? Or have the IIS Remote Desktop Website enabled?
Or do they access a VPN that uses a trusted certificate?
0
 
LVL 1

Author Comment

by:ymash
ID: 18805481
the workstation that is causing issues is a windows2000 pro machine. I have cisco VPN, it doesn't use certificates and I RDP to the server using a windowsXP pro machine.
0
 
LVL 1

Author Comment

by:ymash
ID: 18848187
I'm still having this issue. does anyone have any other suggestions?
0
 
LVL 1

Author Comment

by:ymash
ID: 19796332
I opened a ticket with Microsoft. Another tech in another case had me enable some monitoring software and forgot to tell me that it should be removed. After uninstalling it, everything is working fine.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 20294324
PAQed with points refunded (250)

Computer101
EE Admin
0
 
LVL 1

Author Comment

by:ymash
ID: 20296341
Thanks.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits …
There are literally thousands of Exchange recovery applications out there. So how do you end up picking one that’s ideal for your business & purpose? By carefully scouting the product’s features, the benefits it offers you, & reading ample reviews f…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question