Solved

Authz Logon Failures with no User Name, Domain Name, Source Network Address or Source Port

Posted on 2008-06-18
3
1,568 Views
Last Modified: 2008-11-22
Hi there,
Across our network I seem to be getting numerous of these errors - I have pasted details below:

Logon Failure:
       Reason:            Account locked out
       User Name:      
       Domain:      
       Logon Type:      3
       Logon Process:      Authz  
       Authentication Package:      Kerberos
       Workstation Name:      ABC23S003
       Caller User Name:      ABC23S003$
       Caller Domain:      CS
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID: 1068
       Transited Services: -
       Source Network Address:      -
       Source Port:      -

I have looked at the PID relating to this which is svchost and hence encompasses multiple services eg audio service, browser, etc etc all of which are running just fine, and can (and have been) stopped and started.
The information above was pasted from a DC called abc23s003 - hence it is reporting this error into it's own logs, I do however have exactly the same errors appearing on multiple Member servers also.

The above event is preceded by the following:

Service Ticket Request:
       User Name:            ABC23S003$@CS.GCG.NET
       User Domain:            CS.GCG.NET
       Service Name:            host/abc23s003.cs.gcg.net
       Service ID:            -
       Ticket Options:            0x40810000
       Ticket Encryption Type:      -
       Client Address:            127.0.0.1
       Failure Code:            0x12
       Logon GUID:            -
       Transited Services:      -

I have googled about but have come up with no solutions.
Any suggestions?
0
Comment
Question by:Greencore
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 39

Accepted Solution

by:
ChiefIT earned 250 total points
ID: 21891566
I noticed the call had no domain and the user was the local computer. So, I looked up the CLID: and it appears like you are trying to run SVChost.exe from a local account. Now this should be fine if you were logging in locally and running local processes. However, it looks like your clients and server are trying to run a RPC process and that process is running as the local system.
http://support.microsoft.com/kb/890477

Look for RPC errors or application hangs or other errors that may be able to point us to the right process in the event logs. That may tell us what process we need to focus on.

To further investigate what thread SVCHOST is trying to run, you might want to Run Process monitor from sysinternal's website. However, this usually red flags processes that max out resources rather than looks for threads that are just denied service. So, I don't know how much this will help you out. There are some good tools for Process Monitor and one of them migh be what permissions the process is running as.
http://technet.microsoft.com/en-us/sysinternals/cb56073f-62a3-4ed8-9dd6-40c84cb9e2f5.aspx
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question