Security event 675, code 0x19 - Logging into Win2k8

lunanat
lunanat used Ask the Experts™
on
Every time any domain account logs into a Win2k8 server, it generates an error such as :

Security: 675: NT AUTHORITY\SYSTEM: Pre-authentication failed: User Name: vbroker User ID: %{S-1-5-21-448539723-1606980848-682003330-3195} Service Name: krbtgt/<domain> Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: 192.168.11.111(server15)

Domain is 2003 Native.

What other information is needed to troubleshoot?  Failure code 0x19 means that the kerberos pre-authentication failed.

DCdiag, netdiag, and repldiag show no interesting information about the matter.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

Author

Commented:
Correction... repladmin, not repldiag.  Single-track mind day.
PberSolutions Architect

Commented:
Is the server and client forward and reverse DNS records correct?  The reason being is that KERBEROS (which is the service complaining about the pre-authentication failure), relies on DNS to resolve the FQDN to be able to issue the KERBEROS tickets.
 

Author

Commented:
Yes, the A and PTR records for all of the Win2k8 servers, as well as all of my DCs are accurate.
PberSolutions Architect

Commented:
What about the client's machine?  Or is he/she logging onto the server?

Author

Commented:
The errors are logged when accessing services hosted off of the server, and when a user logs in directly to the server - either at the console, or over MSTSC.

Unfortunately, none of the linked articles were able to provide assistance.. I'd looked through the first two before I posted here.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial