Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows 2003 Event Viewer > Security > Failure Audit > Event id 537

Posted on 2011-03-16
6
Medium Priority
?
1,239 Views
Last Modified: 2012-08-13
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            3/16/2011
Time:            7:18:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      10.0.1.4
       Source Port:      17981


I have 19 occurences within last 72 hours

10.0.1.4 detected as  Netgear,In:00:AF:09

I have only one NetGear product in the network and that would be Neatgear Prosfafe VPN Firewall FVS318, which I used to make an extra connection for a PC without ethernet jack


So what's going on here?

0
Comment
Question by:Anti-Mhz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152287
Verified, the MAC address is the one of the device mentioned above
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152392
source port varies from entry to entry
18276
17981
17924
0
18429
17982
17976
18381
18384
18373
17930
18303


which falls into range of 17924-18429, which is not of any known allowed services listed on router.

-noticed that the router password was set as default, changed

0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152417
Do you have a mix of 2003 & 2008/R2 domain controllers?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152516
no, in this scenario theres only one DC and its running 2003 SP2
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152600
Are the user, workstation, and domain names actually blank like that?  Is there a consistent time interval between the errors or are they pretty random?  (sorry I only have questions at the moment)
0
 
LVL 13

Accepted Solution

by:
IT-Monkey-Dave earned 1000 total points
ID: 35152679
(I admit I'm googling)  

Event ID 537 and error code 0xC0000133 may be related to a time synchronization problem somewhere.  

Substatus code:  0xC0000133 supposedly means “The time at the primary domain controller is different from the time at the backup domain controller or member server by too large an amount.”
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question