Re: Event ID: 537 Kerberos

Thanks for the response Richard
I've combed over eventid.net prior to posting here and haven't found
anything
The strange thing is that the event ID 537 comes up on the member server
not the Domain controller's event log to which my user account is
authenticating to.
This makes me think that the windows 2000 DC accepts the kerberos
authentication,
however the Windows 2003 member server expects more from the token than what
the Windows 2000 DC can return to it.

I'm thinking that the Windows 2003 kerberos is not the same as the windows
2000 kerberos
hence the return code of: STATUS_NO_S4U_PROT_SUPPORT

- Evan




"Richard Oltmann" <roltmann62@xxxxxxxxxxx> wrote in message
news:%23n$3TY9kFHA.3936@xxxxxxxxxxxxxxxxxxxxxxx
> try this link and see if any of this is helpful
> http://www.eventid.net/display.asp?eventid=537&eventno=194&source=Security&phase=1
> Richard
> "Evan" <ewgny@xxxxxxxxxxx> wrote in message
> news:OaDaHQ9kFHA.2444@xxxxxxxxxxxxxxxxxxxxxxx
>> Greetings
>>
>> I'm getting the following error on
>> My windows 2003 member servers when I log on with
>> my Domain Admin account
>> Domain is a Windows 2000 Domain
>> I think this happened after SP1 was installed on the member servers
>>
>> I did find that the Status code: 0xC000040A
>> relates to
>> STATUS_NO_S4U_PROT_SUPPORT
>>
>> However I cannot find much info on this
>>
>> Any input would be appreciated
>>
>> Thanks
>>
>> - Evan
>>
>>
>>
>>
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Logon/Logoff
>> Event ID: 537
>> Date: 7/28/2005
>> Time: 8:01:46 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: SERVER-2
>> Description:
>> Logon Failure:
>> Reason: An error occurred during logon
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Authz
>> Authentication Package: Kerberos
>> Workstation Name: SERVER-2
>> Status code: 0xC000040A
>> Substatus code: 0x0
>> Caller User Name: SERVER-2$
>> Caller Domain: XYZ
>> Caller Logon ID: (0x0,0x3E7)
>> Caller Process ID: 1004
>> Transited Services: -
>> Source Network Address: -
>> Source Port: -
>>
>>
>>
>>
>>
>
>


.

Relevant Pages

  • smartcard authentication in Linux KDC realm
    ... Kerberos realm in Linux KDC from Windows ... 2000 workstations via smartcard logon. ... Windows workstations authenticating to the Kerberos realm, ...
    (microsoft.public.platformsdk.security)
  • krb5kdc_err_s_principal_unknown on Windows Kerberos Domain
    ... I may be having problems with Kerberos on a Windows 2000 domain controller, ... used with a Windows 2000 or Windows 2003 member server. ...
    (comp.protocols.kerberos)
  • Re: Locked out of Win2k Server
    ... policies, 1) the User Right to Log on locally, and Deny ... Microsoft MVP (Windows Security) ... > I have a Windows 2000 server as a member server of a Windows 2000 AD ... Now, I can't logon to my member server, either ...
    (microsoft.public.windows.server.security)
  • Re: cannot logon to terminal services
    ... >I am running Terminal services on a member server, Windows 2003 server. ... > have all the users who are going to logon to TS in the Remote Desktop ...
    (microsoft.public.windows.terminal_services)
  • Locked out of Win2k Server
    ... I have a Windows 2000 server as a member server of a Windows 2000 AD Domain. ... Now, I can't logon to my member server, either through ... the Administrator account. ...
    (microsoft.public.windows.server.security)
Loading