lunanat
asked on
Security event 675, code 0x19 - Logging into Win2k8
Every time any domain account logs into a Win2k8 server, it generates an error such as :
Security: 675: NT AUTHORITY\SYSTEM: Pre-authentication failed: User Name: vbroker User ID: %{S-1-5-21-448539723-16069 80848-6820 03330-3195 } Service Name: krbtgt/<domain> Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: 192.168.11.111(server15)
Domain is 2003 Native.
What other information is needed to troubleshoot? Failure code 0x19 means that the kerberos pre-authentication failed.
DCdiag, netdiag, and repldiag show no interesting information about the matter.
Security: 675: NT AUTHORITY\SYSTEM: Pre-authentication failed: User Name: vbroker User ID: %{S-1-5-21-448539723-16069
Domain is 2003 Native.
What other information is needed to troubleshoot? Failure code 0x19 means that the kerberos pre-authentication failed.
DCdiag, netdiag, and repldiag show no interesting information about the matter.
Is the server and client forward and reverse DNS records correct? The reason being is that KERBEROS (which is the service complaining about the pre-authentication failure), relies on DNS to resolve the FQDN to be able to issue the KERBEROS tickets.
ASKER
Yes, the A and PTR records for all of the Win2k8 servers, as well as all of my DCs are accurate.
What about the client's machine? Or is he/she logging onto the server?
It is usually DNS issues that cause this for me, but you can look at these as well:
http://www.eventid.net/display.asp?eventid=675&eventno=62&source=Security&phase=1
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675
http://www.windowsitpro.com/article/kerberos/discovering-the-cause-of-an-event-id-675.aspx
http://www.eventid.net/display.asp?eventid=675&eventno=62&source=Security&phase=1
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675
http://www.windowsitpro.com/article/kerberos/discovering-the-cause-of-an-event-id-675.aspx
ASKER
The errors are logged when accessing services hosted off of the server, and when a user logs in directly to the server - either at the console, or over MSTSC.
Unfortunately, none of the linked articles were able to provide assistance.. I'd looked through the first two before I posted here.
Unfortunately, none of the linked articles were able to provide assistance.. I'd looked through the first two before I posted here.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER