Pre-Authentication Failure error code 0x19

I am getting thousands of messages daily for two accounts where the security logs show pre-authentication failures with failure code 0x19.  The odd thing is that despite of this the accounts do not get locked out eventhough I have a policy that accounts lock out after 3 failed logon attempts and they stay locked until an administrator unlocks it.  Does anyone have any ideas on what is causing this and how to resolve it?
LVL 2
amnhtechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

thenoneCommented:
it sounds like you have a service running with these accounts and the password has chnaged. If that is the case you would recieve this error over and over again.
amnhtechAuthor Commented:
I thought of these since these are service accounts but the passwords have not changed.  When looking at the account properties the "must change password on next logon" is not set.  Also these accounts are set to password never changes.
thenoneCommented:
is this happening on the server or a workstation?
Get Blueprints for Increased Customer Retention

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

thenoneCommented:
can you post the error log
amnhtechAuthor Commented:
I am getting the errors in the security log on the DC.  I redirect my logs to a syslog server so here are a few sample lines in plain text format. These are two sample lines in my logs.  Sometimes it is this username and other times there is another username.  The Application that is dependent on this service continues to function.

2009-09-30 08:38:04,Auth.Error,172.16.8.51,Sep 30 08:38:02 domaincontroller security[failure] 675 NT AUTHORITY\SYSTEM Pre-authentication failed: <009>User Name:<009>RTCService <009>User ID:%{S-1-5-21-xxxxxxx <009>Service Name:<009>krbtgt/DOMAINNAME <009>Pre-Authentication Type:<009>0x0 <009>Failure Code:<009>0x19 <009>Client Address:<009>172.16.8.115
2009-09-30 08:38:04,Auth.Error,172.16.8.51,Sep 30 08:38:02 domaincontroller security[failure] 672 NT AUTHORITY\SYSTEM Authentication Ticket Request: <009>User Name:<009><009>RTCService <009>Supplied Realm Name:<009>DOMAINNAME <009>User ID:<009><009><009>- <009>Service Name:<009><009>krbtgt/DOMAINNAME <009>Service ID:<009><009>- <009>Ticket Options:<009><009>0x40810010 <009>Result Code:<009><009>0x17 <009>Ticket Encryption Type:<009>- <009>Pre-Authentication Type:<009>- <009>Client Address:<009><009>172.16.8.115 <009>Certificate Issuer Name:<009> <009>Certificate Serial Number:<009> <009>Certificate Thumbprint:<009>
thenoneCommented:
this is happening on the clients machine with a service that is connected on that machine.
amnhtechAuthor Commented:
If I understand your question correctly, yes.  The service runs on a member server of the domain.  It attempts to authenticate periodically and this generates the log entry on the DC.  However, the service on the member server continues to run and the application appears to function properly
thenoneCommented:
correct
thenoneCommented:
I had this problem with a user that was no longer with the company.
amnhtechAuthor Commented:
the account definitely exists in AD and wouldnt I get an error more along the lines of User does not exist or something.  And if the account did not exist then the service should no longer run and the app should fail no?
thenoneCommented:
Here is what I suggest. Reset the password to the same password as it was and reconfigure the password doesn't expire.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
thenoneCommented:
You will have to restart the services.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.