Multiple 4625 Logon Failures in Security Log

We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:

The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.

This also generates Multiple 4625 Audit Failures in the Security Log
Subject:
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Information:
Failure Reason: Unknown User Name or Bad Password
Status: 0xc000006d
Sub Status: 0xc000006a

The source network address is the Domain Controller.

The server receiving the error is a Windows 2008 SP2

This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.

Any insight or help would be appreciated.
LVL 3
overcld9Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
overcld9Connect With a Mentor Author Commented:
Resting the account casused the trust relationship to break on the client machine. I had to remove the machine from the domain and add it back again to fix the trust relationship. This still did not fix the Kerberos Error on the Server. The key to fixing it is the names were different on the received from and the reply to in the error. The fix was actually quite simple once I actually used my brain. There were duplicate entries for multiple ip's in DNS. Scaveging Stale Records and deleting the remaining duplicates resolved the issue.
0
 
fr0nkConnect With a Mentor Commented:
0xc000006a means: user name was ok, password not. Since the error is coming from a computer account (desktop40$), you might want to reset the password for that computer account. Right click the computer in dsa.msc and select "reset account".

This normally happens when the client doesn't talk to the DC in a long time, so the DC assumes that this account is invalid.

Hope this helps.
Kind regards.
0
 
overcld9Author Commented:
Please Close the Question
0
 
overcld9Author Commented:
The only thing that was accomplished by fr0nk's suggestion was breaking the trust relationship of the local computer account
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.