Solved

Pre-Authentication failures on DC

Posted on 2014-02-05
1
471 Views
1 Endorsement
Last Modified: 2014-02-06
I have seen these in the event viewer on my DCs for a while and have never been able to figure out the cause. It has never caused any issues that I am aware of but I would like to see if i can figure out what exactly is going on to cause these messages. And hopefully resolve them.

Our domain is still 2003 forest and function level but we have performed the prep for 2008 r2.

Event ID 675
Source Security

Pre-authentication failed:
       User Name:      usrname
       User ID:            domainname\usrname
       Service Name:      krbtgt/domainname
       Pre-Authentication Type:      0x0
       Failure Code:      0x19
       Client Address:      192.168.100.149

These will show up with different users from within our organization but as I said never seen to cause any issues such as lockouts etc.
1
Comment
Question by:Joseph Daly
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39837651
You are getting this warning due to a AES 128 encryption which is being sent using either Windows Vista/7 or server 2008 member servers. This is a new encryption format that there clients and servers user. 2003 DC's do not support this type of encryption which throws an error in the event log. This event is harmless and can be ignored. If you are looking to surpress this error message you can setup your clients/member servers to use a lower level authentication encryption.

You can distribute the registry key using GPO to your workstations and member servers.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: DefaultEncryptionType
Type: REG_DWORD 
Value: 23

Open in new window



Personally I would not bother with this change if you are looking to upgrade your DC's in the near future, as you will want to undo this change to get the highest level of encryption.

You can also check out the link below which provides great detail on this error message and the reasoning for it.

Event ID 675

Will.
0

Featured Post

Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question