Re: Failure Audits

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 10/07/04


Date: Thu, 7 Oct 2004 16:55:58 -0500

I see I forgot to provide the dns link. Proper dns configuration is critical
in an Active Directory domain and is always the first thing to check. The
domain controllers must point only to themselves and/or other domain
controllers as their preferred dns server in tcp/ip properties as shown by
ipconfig /all. Then W2K XP Pro/W2003 domain members must point only to
domain controllers [NEVER an ISP dns server] as their preferred dns servers.

http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382

If you have downlevel computers such as NT4.0/W98 in the domain it can be
normal to see logon failures in the security logs as they can not use
kerberos authentication. You could match up computer names to operating
systems to see if that is the case.

Netdiag and dcdiag are two extremely helpful tools for checking and
diagnosing network connectivity and domain configuration. I would first run
netdiag on the domain controller where you see these events and on one of
the domain computers that is showing as a failed logon. In particular for
netdiag look for failed tests, warnings, errors relating to dns, dc
discovery, kerberos, and secure channel. If you find any problems you can
paste into a reply here for us to take a look at to see if we can help. ---
Steve

"Bobby28" <Bobby28@discussions.microsoft.com> wrote in message
news:73680B64-DAA8-482F-8706-1AF0AE9E0326@microsoft.com...
> Steven, thanks for the feedback. I have actually looked at the knowledge base
> article where event 673 (2003 Server) and 677 (2000 Server) are continuously
> logged in the event viewer. It described my problem almost to the T. However,
> I contacted Microsoft for the hotfix and it didn't help. The events are still
> logged. I tried the netdiag and dcdiag yesterday, although I wasn't exactly
> sure what I was looking at! I am new to the company and a lot has been
> neglected here, I only have 2 Servers here the 2000 and 2003. If you could
> help with any more feedback or possibly what switches I could use for the
> diagnostic tools I greatly appreciate it. Thanks,
> Bobby
>
> "Steven L Umbach" wrote:
>
>> If you can post the whole Event ID it may help. See the KB link below to
>> make sure your dns configuration is correct for the domain and run the
>> netdiag support tool on the domain controllers and domain computer that this
>> event is related to. Look for any failed tests/warnings/errors that may
>> indicate the problem. The support tools are on the install disk of the
>> appropriate operating system in the support tools folder. See the link below
>> for results for that error from EventID.net. --- Steve
>>
>> http://www.eventid.net/display.asp?eventid=673&eventno=2707&source=Security&phase=1
>>
>>
>> "Bobby28" <Bobby28@discussions.microsoft.com> wrote in message
>> news:32A03956-F79F-49F6-B86D-423EF591F9B6@microsoft.com...
>> > 2003 Server displaying this message in Event Viewer.
>> >
>> > Type: Failure Audit
>> > Source: Security
>> > Category: Account logon
>> > Event ID: 673
>> > User: System
>> >
>> > I am also having the trouble with a 2000 Server but with a different Event
>> > ID #. I found the solution I thought in the knowledge base and called
>> > Microsoft for the hotfix, but it hasn't helped the problem. This is
>> > affecting my logon scripts and Group Policy from processing. Thanks in
>> > advance for any help.
>> >
>> >
>>
>>
>>
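
Added example, not part of the original thread and not any poster's code: one way to apply the DNS check from the reply at the top, by parsing saved `ipconfig /all` output and listing every configured DNS server that is not a domain controller. The sample output, the host and domain names, and the domain controller addresses are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output from a domain member (not from the thread).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : WKSTN01

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 10.0.0.57
        DNS Servers . . . . . . . . . . . : 10.0.0.10
                                            192.0.2.53
        Primary WINS Server . . . . . . . : 10.0.0.10
"""

# Assumption: addresses of the domain controllers that run DNS for the domain.
DOMAIN_CONTROLLERS = {"10.0.0.10", "10.0.0.11"}

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD_RE = re.compile(r"^\s+([^.:]+?)[\s.]*:\s*(.*)$")

def dns_servers_by_adapter(text):
    """Return {adapter: [DNS server, ...]}, following continuation lines."""
    result, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group(1), False
            result[adapter] = []
            continue
        f = FIELD_RE.match(line)
        if f:
            in_dns = f.group(1).strip().lower() == "dns servers"
            value = f.group(2).strip()
        else:
            value = line.strip()  # bare indented value continues the previous field
        if adapter and in_dns and value:
            try:
                result[adapter].append(str(ipaddress.ip_address(value)))
            except ValueError:
                pass  # not an address; ignore
    return result

def non_dc_dns(text, allowed=DOMAIN_CONTROLLERS):
    """List (adapter, server) pairs whose DNS server is not a domain controller."""
    return [(a, s) for a, servers in dns_servers_by_adapter(text).items()
            for s in servers if s not in allowed]
```

On the constructed sample, `non_dc_dns(SAMPLE_IPCONFIG)` reports 192.0.2.53, the second DNS server, which is not in the domain controller set.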


