Solved

Multiple 4625 Logon Failures in Security Log

Posted on 2010-11-29
4
4,502 Views
Last Modified: 2012-05-10
We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:

The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.

This also generates Multiple 4625 Audit Failures in the Security Log
Subject:
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Information:
Failure Reason: Unknown User Name or Bad Password
Status: 0xc000006d
Sub Status: 0xc000006a

The source network address is the Domain Controller.

The server receiving the error is a Windows 2008 SP2

This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.

Any insight or help would be appreciated.
0
Comment
Question by:overcld9
  • 3
4 Comments
 
LVL 4

Assisted Solution

by:fr0nk
fr0nk earned 20 total points
ID: 34232670
0xc000006a means: user name was ok, password not. Since the error is coming from a computer account (desktop40$), you might want to reset the password for that computer account. Right click the computer in dsa.msc and select "reset account".

This normally happens when the client doesn't talk to the DC in a long time, so the DC assumes that this account is invalid.

Hope this helps.
Kind regards.
0
 
LVL 3

Accepted Solution

by:
overcld9 earned 0 total points
ID: 34278234
Resting the account casused the trust relationship to break on the client machine. I had to remove the machine from the domain and add it back again to fix the trust relationship. This still did not fix the Kerberos Error on the Server. The key to fixing it is the names were different on the received from and the reply to in the error. The fix was actually quite simple once I actually used my brain. There were duplicate entries for multiple ip's in DNS. Scaveging Stale Records and deleting the remaining duplicates resolved the issue.
0
 
LVL 3

Author Comment

by:overcld9
ID: 34278245
Please Close the Question
0
 
LVL 3

Author Closing Comment

by:overcld9
ID: 34317128
The only thing that was accomplished by fr0nk's suggestion was breaking the trust relationship of the local computer account
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now