Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Pre-Authentication failures on DC

Posted on 2014-02-05
1
Medium Priority
?
477 Views
1 Endorsement
Last Modified: 2014-02-06
I have seen these in the event viewer on my DCs for a while and have never been able to figure out the cause. It has never caused any issues that I am aware of but I would like to see if i can figure out what exactly is going on to cause these messages. And hopefully resolve them.

Our domain is still 2003 forest and function level but we have performed the prep for 2008 r2.

Event ID 675
Source Security

Pre-authentication failed:
       User Name:      usrname
       User ID:            domainname\usrname
       Service Name:      krbtgt/domainname
       Pre-Authentication Type:      0x0
       Failure Code:      0x19
       Client Address:      192.168.100.149

These will show up with different users from within our organization but as I said never seen to cause any issues such as lockouts etc.
1
Comment
Question by:Joseph Daly
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39837651
You are getting this warning due to a AES 128 encryption which is being sent using either Windows Vista/7 or server 2008 member servers. This is a new encryption format that there clients and servers user. 2003 DC's do not support this type of encryption which throws an error in the event log. This event is harmless and can be ignored. If you are looking to surpress this error message you can setup your clients/member servers to use a lower level authentication encryption.

You can distribute the registry key using GPO to your workstations and member servers.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: DefaultEncryptionType
Type: REG_DWORD 
Value: 23

Open in new window



Personally I would not bother with this change if you are looking to upgrade your DC's in the near future, as you will want to undo this change to get the highest level of encryption.

You can also check out the link below which provides great detail on this error message and the reasoning for it.

Event ID 675

Will.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question