[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 485
  • Last Modified:

Recurring Security Error Log

Has anyone experienced repeated security logs like the one below?  I have scanned for virus, etc.  The particular computer being reported in the log is my domain controller server and the user name and id is actually a NAS unit.

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      675
Date:            4/13/2009
Time:            6:51:34 AM
User:            NT AUTHORITY\SYSTEM
Computer:      DC
Description:
Pre-authentication failed:
       User Name:      tera_server$
       User ID:            PD\tera_server$
       Service Name:      krbtgt/PD.VIDALIAGA.COM
       Pre-Authentication Type:      0x0
       Failure Code:      0x19
       Client Address:      192.168.1.135


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
carolinasgirl28
Asked:
carolinasgirl28
  • 5
  • 4
1 Solution
 
Donald StewartNetwork AdministratorCommented:
read here
http://www.ultimatewindowssecurity.com/securitylog/event.aspx?eventID=675 
"Most events generated by computer accounts are safe to ignore."
0
 
carolinasgirl28Author Commented:
My only concern with this, is that, for some reason I don't under stand, when the security log fills up, my clients can't log in to their computers until I go in as admin and clear the log.  It's like even though there is no user logging into the nas unit, it is generating these logs and it affects everyone on the network.  Any ideas on how to correct this?
0
 
Donald StewartNetwork AdministratorCommented:
Have you checked the time synch?
or tried to reset the computer account password?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Donald StewartNetwork AdministratorCommented:
0
 
carolinasgirl28Author Commented:
Welllll, thanks for the links.  I have checked the time.  The NAS was an hour off so I fixed that.  Still getting the event errors though.  Looked at the other link....(big sigh).  

The users on my network are still filling up with event logs and I have to continually log in as the admin and clear them out before anyone else can log on.  I did notice that the local computer logs are different from that of the server.  The local computer logs give the error "The windows firewall has detected an application listening for incoming traffic"  

I have set all policies to not report any events temporarily to see if that would help.  Has not.

Anything else up your sleeve?
0
 
Donald StewartNetwork AdministratorCommented:
DId you try resetting the machine account password?
http://support.microsoft.com/kb/325850
Did you set the DONT_REQ_PREAUTH flag ?
You could also increase the log size and have it overwrite as needed
0
 
Donald StewartNetwork AdministratorCommented:
Check the dns settings on the NAS unit
 
and you may also want to...
 
How to force Kerberos to use TCP instead of UDP in Windows
0
 
carolinasgirl28Author Commented:
Well.  Turns out we have been hit with the conficker.  Have cleaned the network, usb drives, etc....thing just keeps popping back up.
0
 
carolinasgirl28Author Commented:
Removed the conficker virus and the errors quit.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now