Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Pre-Authentication failures on DC

Posted on 2014-02-05
1
462 Views
1 Endorsement
Last Modified: 2014-02-06
I have seen these in the event viewer on my DCs for a while and have never been able to figure out the cause. It has never caused any issues that I am aware of but I would like to see if i can figure out what exactly is going on to cause these messages. And hopefully resolve them.

Our domain is still 2003 forest and function level but we have performed the prep for 2008 r2.

Event ID 675
Source Security

Pre-authentication failed:
       User Name:      usrname
       User ID:            domainname\usrname
       Service Name:      krbtgt/domainname
       Pre-Authentication Type:      0x0
       Failure Code:      0x19
       Client Address:      192.168.100.149

These will show up with different users from within our organization but as I said never seen to cause any issues such as lockouts etc.
1
Comment
Question by:Joseph Daly
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39837651
You are getting this warning due to a AES 128 encryption which is being sent using either Windows Vista/7 or server 2008 member servers. This is a new encryption format that there clients and servers user. 2003 DC's do not support this type of encryption which throws an error in the event log. This event is harmless and can be ignored. If you are looking to surpress this error message you can setup your clients/member servers to use a lower level authentication encryption.

You can distribute the registry key using GPO to your workstations and member servers.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: DefaultEncryptionType
Type: REG_DWORD 
Value: 23

Open in new window



Personally I would not bother with this change if you are looking to upgrade your DC's in the near future, as you will want to undo this change to get the highest level of encryption.

You can also check out the link below which provides great detail on this error message and the reasoning for it.

Event ID 675

Will.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A procedure for exporting installed hotfix details of remote computers using powershell
This article runs through the process of deploying a single EXE application selectively to a group of user.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question