Solved

Windows 2003 Event Viewer > Security > Failure Audit > Event id 537

Posted on 2011-03-16
6
1,202 Views
Last Modified: 2012-08-13
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            3/16/2011
Time:            7:18:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      SERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC000006D
       Substatus code:      0xC0000133
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      10.0.1.4
       Source Port:      17981


I have 19 occurences within last 72 hours

10.0.1.4 detected as  Netgear,In:00:AF:09

I have only one NetGear product in the network and that would be Neatgear Prosfafe VPN Firewall FVS318, which I used to make an extra connection for a PC without ethernet jack


So what's going on here?

0
Comment
Question by:Anti-Mhz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152287
Verified, the MAC address is the one of the device mentioned above
0
 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152392
source port varies from entry to entry
18276
17981
17924
0
18429
17982
17976
18381
18384
18373
17930
18303


which falls into range of 17924-18429, which is not of any known allowed services listed on router.

-noticed that the router password was set as default, changed

0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152417
Do you have a mix of 2003 & 2008/R2 domain controllers?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 1

Author Comment

by:Anti-Mhz
ID: 35152516
no, in this scenario theres only one DC and its running 2003 SP2
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 35152600
Are the user, workstation, and domain names actually blank like that?  Is there a consistent time interval between the errors or are they pretty random?  (sorry I only have questions at the moment)
0
 
LVL 13

Accepted Solution

by:
IT-Monkey-Dave earned 250 total points
ID: 35152679
(I admit I'm googling)  

Event ID 537 and error code 0xC0000133 may be related to a time synchronization problem somewhere.  

Substatus code:  0xC0000133 supposedly means “The time at the primary domain controller is different from the time at the backup domain controller or member server by too large an amount.”
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
VOIP gateways - feedback 23 119
SMPS issue 1 70
HP Storage and Cisco Nexus 4 69
How to change ESXi 6.5 NIC E1000 to vmxnet3 9 83
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question