Solved

Authz Logon Failures with no User Name, Domain Name, Source Network Address or Source Port

Posted on 2008-06-18
Last Modified: 2008-11-22
Hi there,
Across our network I seem to be getting numerous of these errors - I have pasted details below:

Logon Failure:
       Reason:            Account locked out
       User Name:      
       Domain:      
       Logon Type:      3
       Logon Process:      Authz  
       Authentication Package:      Kerberos
       Workstation Name:      ABC23S003
       Caller User Name:      ABC23S003$
       Caller Domain:      CS
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID: 1068
       Transited Services: -
       Source Network Address:      -
       Source Port:      -

I have looked at the PID relating to this, which is svchost and hence encompasses multiple services, e.g. audio service, browser, etc., all of which are running just fine, and can be (and have been) stopped and started.
The information above was pasted from a DC called abc23s003, hence it is reporting this error into its own logs. I do, however, have exactly the same errors appearing on multiple member servers also.

The above event is preceded by the following:

Service Ticket Request:
       User Name:            ABC23S003$@CS.GCG.NET
       User Domain:            CS.GCG.NET
       Service Name:            host/abc23s003.cs.gcg.net
       Service ID:            -
       Ticket Options:            0x40810000
       Ticket Encryption Type:      -
       Client Address:            127.0.0.1
       Failure Code:            0x12
       Logon GUID:            -
       Transited Services:      -

I have googled about but have come up with no solutions.
Any suggestions?
Question by:Greencore
Accepted Solution

by:
ChiefIT earned 250 total points
ID: 21891566
I noticed the call had no domain and the user was the local computer. So, I looked up the CLID: and it appears like you are trying to run SVChost.exe from a local account. Now this should be fine if you were logging in locally and running local processes. However, it looks like your clients and server are trying to run an RPC process and that process is running as the local system.
http://support.microsoft.com/kb/890477

Look for RPC errors or application hangs or other errors that may be able to point us to the right process in the event logs. That may tell us what process we need to focus on.

To further investigate what thread SVCHOST is trying to run, you might want to run Process Monitor from the Sysinternals website. However, this usually red flags processes that max out resources rather than looking for threads that are just denied service. So, I don't know how much this will help you out. There are some good tools for Process Monitor and one of them might be what permissions the process is running as.
http://technet.microsoft.com/en-us/sysinternals/cb56073f-62a3-4ed8-9dd6-40c84cb9e2f5.aspx
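
For triaging the two events pasted in the question, the code below (an added example, not code from this thread) parses the event text and pairs each Logon Failure that has a blank User Name with the same machine account's preceding failed Service Ticket Request, decoding the failure code per RFC 4120 (0x12 is KDC_ERR_CLIENT_REVOKED). The function names and the trimmed sample text are constructed for illustration.

```python
import re

# Constructed sample: the two events from the question, trimmed to the fields used.
SAMPLE = """\
Service Ticket Request:
       User Name:            ABC23S003$@CS.GCG.NET
       Service Name:            host/abc23s003.cs.gcg.net
       Failure Code:            0x12

Logon Failure:
       Reason:            Account locked out
       User Name:
       Logon Process:      Authz
       Caller User Name:      ABC23S003$
       Source Network Address:      -
"""

# Subset of RFC 4120 KDC error codes useful for lockout triage.
KDC_ERRORS = {0x12: "KDC_ERR_CLIENT_REVOKED", 0x17: "KDC_ERR_KEY_EXPIRED",
              0x18: "KDC_ERR_PREAUTH_FAILED"}

def parse_events(text):
    """Split pasted event descriptions into dicts keyed by field name."""
    events = []
    for line in text.splitlines():
        header = re.match(r"^(\S[^:]*):\s*$", line)  # unindented "Title:" opens an event
        if header:
            events.append({"_type": header.group(1)})
        elif events and ":" in line:
            key, _, value = line.strip().partition(":")
            events[-1][key.strip()] = "" if value.strip() == "-" else value.strip()
    return events

def correlate(events):
    """Pair each Logon Failure that has no User Name with the caller's last failed ticket request."""
    findings, last_failed = [], {}  # last_failed: machine account -> ticket event
    for ev in events:
        if ev["_type"] == "Service Ticket Request" and ev.get("Failure Code"):
            last_failed[ev.get("User Name", "").split("@")[0].upper()] = ev
        elif ev["_type"] == "Logon Failure" and not ev.get("User Name"):
            caller = ev.get("Caller User Name", "").upper()
            ticket = last_failed.get(caller, {})
            code = int(ticket["Failure Code"], 16) if ticket else None
            findings.append({"caller": caller, "reason": ev.get("Reason"),
                             "service": ticket.get("Service Name"),
                             "kdc_error": KDC_ERRORS.get(code, code)})
    return findings

if __name__ == "__main__":
    for finding in correlate(parse_events(SAMPLE)):
        print(finding)
```

Grouping the findings by caller and service shows whether the failures on the DC and on the member servers all trace back to the same machine accounts.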