Solved

Windows 2003 Event Viewer > Security > Failure Audit > Event id 537

Posted on 2011-03-16
6
1,177 Views
Last Modified: 2012-08-13
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            3/16/2011
Time:            7:18:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      10.0.1.4
       Source Port:      17981


I have 19 occurences within last 72 hours

10.0.1.4 detected as  Netgear,In:00:AF:09

I have only one NetGear product in the network and that would be Neatgear Prosfafe VPN Firewall FVS318, which I used to make an extra connection for a PC without ethernet jack


So what's going on here?

0
Comment
Question by:Anti-Mhz
  • 3
  • 3
6 Comments
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152287
Verified, the MAC address is the one of the device mentioned above
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152392
source port varies from entry to entry
18276
17981
17924
0
18429
17982
17976
18381
18384
18373
17930
18303


which falls into range of 17924-18429, which is not of any known allowed services listed on router.

-noticed that the router password was set as default, changed

0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152417
Do you have a mix of 2003 & 2008/R2 domain controllers?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152516
no, in this scenario theres only one DC and its running 2003 SP2
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152600
Are the user, workstation, and domain names actually blank like that?  Is there a consistent time interval between the errors or are they pretty random?  (sorry I only have questions at the moment)
0
 
LVL 13

Accepted Solution

by:
IT-Monkey-Dave earned 250 total points
ID: 35152679
(I admit I'm googling)  

Event ID 537 and error code 0xC0000133 may be related to a time synchronization problem somewhere.  

Substatus code:  0xC0000133 supposedly means “The time at the primary domain controller is different from the time at the backup domain controller or member server by too large an amount.”
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

823 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question