rpmccly
asked on
krbtgt service errors
We've been having multiple errors with on our performance report.
Source
Security
Pre-authentication failed:
	User Name:	"COMPUTER NAME"$
	User ID:	"DOMAIN"\"COMPUTER NAME"$
	Service Name:	krbtgt/Domain.loc al
	Pre-Authentication Type:	0x0
	Failure Code:	0x19
	Client Address:	"COMPUTER IP"
I had seen something that said you might get these errors when the domain isn't all caps. It is all caps under "User ID" but not "Service Name" as described above. Is that why I am getting that error and if so why did it just start this week? We had a server crash this weekend that we think was from someone trying to hack the administrator account, is that maybe why?
Source
Security
Pre-authentication failed:
	User Name:	"COMPUTER NAME"$
	User ID:	"DOMAIN"\"COMPUTER NAME"$
	Service Name:	krbtgt/Domain.loc
	Pre-Authentication Type:	0x0
	Failure Code:	0x19
	Client Address:	"COMPUTER IP"
I had seen something that said you might get these errors when the domain isn't all caps. It is all caps under "User ID" but not "Service Name" as described above. Is that why I am getting that error and if so why did it just start this week? We had a server crash this weekend that we think was from someone trying to hack the administrator account, is that maybe why?
Did you check if the kerberos service is running?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Kerberos Key Districution Center is running.
Well it just started happening though. I have seen the errors on mostly Windows 7/Vista machines but there was 1 XP machine that had it.
For now I am going to ignore them and look more in depth at a later point.
Thanks
Well it just started happening though. I have seen the errors on mostly Windows 7/Vista machines but there was 1 XP machine that had it.
For now I am going to ignore them and look more in depth at a later point.
Thanks
ASKER
Ok, we've had the errors on multiple XP machines so its pretty random, any other ideas?
ASKER
I looked at the server and the krbtgt user account is disabled. When I try to enable it, it says it can't perform this action on built-in accounts.
Is this related?
Is this related?
ASKER
According to:
http://support.microsoft.com/kb/229909
the krbtgt account should be disabled as it doesn't need to be enabled for authentication? So why did we randomly start getting the errors?
http://support.microsoft.com/kb/229909
the krbtgt account should be disabled as it doesn't need to be enabled for authentication? So why did we randomly start getting the errors?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
All the krbtgt problems just started occuring which is why I kept on it. Are you saying to ignore the issues? We do get the errors on XP machines, not only Vista/7 machines.
ASKER
There was an option in AD that said to force the authentication. I unchecked it so I obviously don't get that error for the person anymore. Was this a good or bad idea?
Sorry, I missed the notification for your earlier comment.
Which option specifically was it that you unchecked?
-Matt
ASKER
"Do not require Kerberos pre-authentication"
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
AND.....unchecked!
Thanks! It was checked to get rid of the error in the performance log which isn't a concern at all so I would rather see the error and be secure!
Thanks! It was checked to get rid of the error in the performance log which isn't a concern at all so I would rather see the error and be secure!
ASKER
Error will be ignored as its not a concern!
Fantastic! Glad to be of assistance.