Solved

Multiple 4625 Logon Failures in Security Log

Posted on 2010-11-29
4
4,636 Views
Last Modified: 2012-05-10
We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:

The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.

This also generates Multiple 4625 Audit Failures in the Security Log
Subject:
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Information:
Failure Reason: Unknown User Name or Bad Password
Status: 0xc000006d
Sub Status: 0xc000006a

The source network address is the Domain Controller.

The server receiving the error is a Windows 2008 SP2

This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.

Any insight or help would be appreciated.
0
Comment
Question by:overcld9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 4

Assisted Solution

by:fr0nk
fr0nk earned 20 total points
ID: 34232670
0xc000006a means: user name was ok, password not. Since the error is coming from a computer account (desktop40$), you might want to reset the password for that computer account. Right click the computer in dsa.msc and select "reset account".

This normally happens when the client doesn't talk to the DC in a long time, so the DC assumes that this account is invalid.

Hope this helps.
Kind regards.
0
 
LVL 3

Accepted Solution

by:
overcld9 earned 0 total points
ID: 34278234
Resting the account casused the trust relationship to break on the client machine. I had to remove the machine from the domain and add it back again to fix the trust relationship. This still did not fix the Kerberos Error on the Server. The key to fixing it is the names were different on the received from and the reply to in the error. The fix was actually quite simple once I actually used my brain. There were duplicate entries for multiple ip's in DNS. Scaveging Stale Records and deleting the remaining duplicates resolved the issue.
0
 
LVL 3

Author Comment

by:overcld9
ID: 34278245
Please Close the Question
0
 
LVL 3

Author Closing Comment

by:overcld9
ID: 34317128
The only thing that was accomplished by fr0nk's suggestion was breaking the trust relationship of the local computer account
0

Featured Post

Why You Need a DevOps Toolchain

IT needs to deliver services with more agility and velocity. IT must roll out application features and innovations faster to keep up with customer demands, which is where a DevOps toolchain steps in. View the infographic to see why you need a DevOps toolchain.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question