jpdnorthern

asked on

Kerberos error 0x6 Event ID 672

I have 20 users using Outlook 2007 attached to a hosted Exchange 2007 outside the network. Every day when they open Outlook they are required to enter their user name (their email address, different from their NT usernames) and password (passwords match their NT pass).
Every so often throughout the day that user name and password box pops up again and again asking for their password; sometimes it takes and sometimes it just keeps asking.
I just noticed on my DC today that it logs a Security Event ID: 672

Date:            2/4/2009
Time:            9:54:19 AM
User:            NT AUTHORITY\SYSTEM
Computer:      Servername
Description:
Authentication Ticket Request:
       User Name:            email@domain.com
       Supplied Realm Name:      Domain.COM
       User ID:                  -
       Service Name:            krbtgt/domain.COM
       Service ID:            -
       Ticket Options:            0x40810010
       Result Code:            0x6
       Ticket Encryption Type:      -
       Pre-Authentication Type:      -
       Client Address:            192.168.3.188
       Certificate Issuer Name:      
       Certificate Serial Number:      
       Certificate Thumbprint:      

Am I doing something wrong by having their email addresses which are their login names for their email, different from their internal NT usernames? Any help would be great.
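The record posted above, decoded field by field, as an added example that is not part of the original thread: the error names come from RFC 4120 and the option flag names from RFC 4120 and RFC 6806. SAMPLE copies the fields from the question; parse_event and decode are illustrative names, and treating a "-" result code as "no error" is an assumption.

```python
import re

# Kerberos error codes, RFC 4120 section 7.5.9 (subset relevant to AS requests).
KRB_ERRORS = {
    0x6: "KDC_ERR_C_PRINCIPAL_UNKNOWN: client not found in Kerberos database",
    0x7: "KDC_ERR_S_PRINCIPAL_UNKNOWN: server not found in Kerberos database",
    0x12: "KDC_ERR_CLIENT_REVOKED: client credentials have been revoked",
    0x17: "KDC_ERR_KEY_EXPIRED: password has expired",
    0x18: "KDC_ERR_PREAUTH_FAILED: pre-authentication information was invalid",
    0x25: "KRB_AP_ERR_SKEW: clock skew too great",
}
# KDCOptions flag bits (bit 0 = most significant of 32), RFC 4120 and RFC 6806.
KDC_OPTIONS = {1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
               8: "renewable", 15: "canonicalize", 27: "renewable-ok", 30: "renew"}
FIELD = re.compile(r"^[ \t]*([A-Za-z][A-Za-z \-]*?):[ \t]*(.*?)[ \t]*$", re.M)

# Sample record: the fields from the event posted in the question.
SAMPLE = """\
Authentication Ticket Request:
       User Name:            email@domain.com
       Supplied Realm Name:      Domain.COM
       Service Name:            krbtgt/domain.COM
       Ticket Options:            0x40810010
       Result Code:            0x6
       Client Address:            192.168.3.188
"""

def parse_event(text):
    """Return the 'Name: value' fields of one event description as a dict."""
    return dict(FIELD.findall(text))

def decode(event):
    """Decode Result Code and Ticket Options; note whether the name is a UPN."""
    raw = event["Result Code"]
    code = 0 if raw == "-" else int(raw, 16)  # assumption: "-" means no error code
    opts = int(event["Ticket Options"], 16)
    user, realm = event["User Name"], event["Supplied Realm Name"]
    return {
        "user": user,
        "client": event["Client Address"],
        "failed": code != 0,
        "result": KRB_ERRORS.get(code, "code 0x%X not in table" % code),
        "options": [n for b, n in sorted(KDC_OPTIONS.items()) if opts & (0x80000000 >> b)],
        # True when the supplied name is user@suffix and the suffix is the realm.
        "upn_suffix_is_realm": user.lower().endswith("@" + realm.lower()),
    }

if __name__ == "__main__":
    for key, value in decode(parse_event(SAMPLE)).items():
        print("%-20s %s" % (key, value))
```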
dfxdeimos

Is this hosted Exchange 2007 machine part of your internal domain?
jpdnorthern

ASKER

No, it is a service located outside my domain.
Hmm...

Event ID 672 indicates that the Kerberos authentication process was successful.

How are you connecting to the server? RPC over HTTPS? Do you have a persistent VPN connection between your network and it?
Some other comments: This is happening to my PC right now. My Outlook pops up the box with my email already there for the user name and wants me to type in my password. When I do, it just pops back up again. Then I check my PDC and there are a bunch of 672 errors with my email address and PC's IP as the culprit.

My email still works like always, but down in the lower left-hand corner it says Outlook needs password.
"Event ID 672 indicates that the Kerberos authentication process was successful."
It is telling me this is a "Failure Audit" in the security event viewer.

"How are you connecting to the server? RPC over HTTPS? Do you have a persistent VPN connection between your network and it?"
HTTP. No VPN connection. I have this same exact service (SherWeb) at home, W2k server, and I never see these issues. Same setup except for the server client size and it's 2000.
That is odd, generally a 672 indicates a success. Can you post a screenshot of the error?

Well, W2K server and Exchange 2000 (or 2003) is a big difference from 2007. To be honest I have never been a fan of outsourced Exchange hosting, but that is just me.

Have you contacted SherWeb and talked to their tech support? That is where I would start, as they would be the most knowledgeable about their systems.
I have called SherWeb and they assure me this has to be internal.

I love the hosted Exchange, it has been such a carefree tool to have seeing how I am the only IT person they have. When I am gone there are no worries about Exchange as it has been bump free for the two years I have had it.

Attached is the Event.

Capture2.JPG
While I research this, what happened / changed in your network when this started occurring?
Actually, nothing has changed. This has been something that has been going on for the last 6 months and seems to come and go week to week. I just finally decided to try and hit the nail on the head once and for all.
Can you do a test on a machine that is not a member of your domain and see if it is having the same issue? That will help start narrowing it down.
I hate to say this, but I know if I set up a different machine this probably won't happen. It does not happen on every machine on my network. Only a few. 4 XP and 1 Vista. And it is very sporadic. However today, it has been pretty bad for the Vista and one XP only.

That being said, I will see what I can set up.
So, even though it is sporadic, is its sporadicness contained to certain computers?
For the most part, yes. It may happen once or twice in a month to the others. Not enough to matter really.

There isn't anything wrong with these computers that I can tell. This is the only issue they all really have. It's weird, like I said, some days it won't happen at all. But today is the first time I was able to track it in the event viewer on my DC.
This is the closest thread similar to my issue that I have been able to find on my own. But so far, it has been no help to me. http://techrepublic.com.com/5208-7343-0.html?forumID=101&threadID=273186&messageID=2600809
Are there any events in the logs of the PCs in question, not just the DC?
The other machines seem to be catching some security 529 errors. But the times of the errors don't exactly correspond with the errors on the DC security log. Not even within minutes.
On one of the machines that is having the error, try resetting its secure channel.

Run the following command at the command prompt:

netdom reset /d:YOURDOMAIN.LOCAL COMPUTERYOUAREON'SNAME

Reboot the computer and see if any change in the issue is seen.
netdom is not recognized as an internal or external command.
My apologies, you are going to have to download the Windows XP Support tools if you try this on an XP box. It should be included in Vista, or added via the Add / Remove Windows Components screen as part of the Administrative Tools.
ASKER CERTIFIED SOLUTION
jpdnorthern