Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Multiple 4625 Logon Failures in Security Log

Posted on 2010-11-29
4
Medium Priority
?
4,833 Views
Last Modified: 2012-05-10
We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:

The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.

This also generates Multiple 4625 Audit Failures in the Security Log
Subject:
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Information:
Failure Reason: Unknown User Name or Bad Password
Status: 0xc000006d
Sub Status: 0xc000006a

The source network address is the Domain Controller.

The server receiving the error is a Windows 2008 SP2

This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.

Any insight or help would be appreciated.
0
Comment
Question by:overcld9
  • 3
4 Comments
 
LVL 4

Assisted Solution

by:fr0nk
fr0nk earned 80 total points
ID: 34232670
0xc000006a means: user name was ok, password not. Since the error is coming from a computer account (desktop40$), you might want to reset the password for that computer account. Right click the computer in dsa.msc and select "reset account".

This normally happens when the client doesn't talk to the DC in a long time, so the DC assumes that this account is invalid.

Hope this helps.
Kind regards.
0
 
LVL 3

Accepted Solution

by:
overcld9 earned 0 total points
ID: 34278234
Resting the account casused the trust relationship to break on the client machine. I had to remove the machine from the domain and add it back again to fix the trust relationship. This still did not fix the Kerberos Error on the Server. The key to fixing it is the names were different on the received from and the reply to in the error. The fix was actually quite simple once I actually used my brain. There were duplicate entries for multiple ip's in DNS. Scaveging Stale Records and deleting the remaining duplicates resolved the issue.
0
 
LVL 3

Author Comment

by:overcld9
ID: 34278245
Please Close the Question
0
 
LVL 3

Author Closing Comment

by:overcld9
ID: 34317128
The only thing that was accomplished by fr0nk's suggestion was breaking the trust relationship of the local computer account
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question