Solved

Multiple 4625 Logon Failures in Security Log

Posted on 2010-11-29
4
4,602 Views
Last Modified: 2012-05-10
We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:

The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.

This also generates Multiple 4625 Audit Failures in the Security Log
Subject:
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Information:
Failure Reason: Unknown User Name or Bad Password
Status: 0xc000006d
Sub Status: 0xc000006a

The source network address is the Domain Controller.

The server receiving the error is a Windows 2008 SP2

This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.

Any insight or help would be appreciated.
0
Comment
Question by:overcld9
  • 3
4 Comments
 
LVL 4

Assisted Solution

by:fr0nk
fr0nk earned 20 total points
ID: 34232670
0xc000006a means: user name was ok, password not. Since the error is coming from a computer account (desktop40$), you might want to reset the password for that computer account. Right click the computer in dsa.msc and select "reset account".

This normally happens when the client doesn't talk to the DC in a long time, so the DC assumes that this account is invalid.

Hope this helps.
Kind regards.
0
 
LVL 3

Accepted Solution

by:
overcld9 earned 0 total points
ID: 34278234
Resting the account casused the trust relationship to break on the client machine. I had to remove the machine from the domain and add it back again to fix the trust relationship. This still did not fix the Kerberos Error on the Server. The key to fixing it is the names were different on the received from and the reply to in the error. The fix was actually quite simple once I actually used my brain. There were duplicate entries for multiple ip's in DNS. Scaveging Stale Records and deleting the remaining duplicates resolved the issue.
0
 
LVL 3

Author Comment

by:overcld9
ID: 34278245
Please Close the Question
0
 
LVL 3

Author Closing Comment

by:overcld9
ID: 34317128
The only thing that was accomplished by fr0nk's suggestion was breaking the trust relationship of the local computer account
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question