Solved

Event ID:      537 Windows 2000

Posted on 2012-03-29
1
1,123 Views
Last Modified: 2012-06-27
Hi,
Hopefully someone might be able to help. I keep getting the following Audit failure on one of our Exchange boxes:

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            29/03/2012
Time:            10:08:01
User:            NT AUTHORITY\SYSTEM
Computer:      SERVERNAME
Description:
Logon Failure:
       Reason:            An unexpected error occurred during logon
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:
       Authentication Package:      NTLM
       Workstation Name:
      
This audit failure fills up the log in about a minute, which is weird to say the least.
The server is quite old, (Windows 2000 SP4 with all critical and important patches), and is one of our exchange servers and I’d a bit loathed to reboot it as it will cause a lot of paperwork.

I was wondering if anyone had come across this issue before.

I’ve had a look around on the web for similar issues, but I haven’t found one that fits the bill precisely. There are a lot of 537 events depicting Kerberos errors, but as you can see the logon process is blank. Also a few people have suggested that it might be a DC time issue, but all out DCs have the correct time and replication is A-OK.

Using Process Explorer, (by sysinternals) I think it’s the LSASS.exe process that’s the cause as it’s chewing up a load of CPU time. I’m not sure though as I can’t trace it back to the Audit failure, as you can see the logs aren’t detailed enough. I don’t want to kill it as I know it’ll probably hang the server.

Any information on how to retrieve further details on how to obtain more information about logon failures would be most grateful.

Thanks.

AD functional level 2003
DCs:             4 Win 2003 servers and 1 Win 2008 R2 server
Exchange:       3 Win 2003 servers and 1 win 2000 (SP4) server.
0
Comment
Question by:fossor
1 Comment
 

Accepted Solution

by:
fossor earned 0 total points
ID: 37782800
FIXED

Found that the IIS Service had errors on it. It couldn't see to see it's "backofficestore" in so of its objects. Stopped and restarted the IIS. The IIS objects reconnected and the Security Audit Failures stopped. All looking OK now.

Should have looked at the OWA a little sooner to be hoest... :-/
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now