Re: Failure Audits

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Bobby28 (Bobby28_at_discussions.microsoft.com)
Date: 10/08/04 

Date: Fri, 8 Oct 2004 06:19:04 -0700

http://support.microsoft.com/default.aspx?scid=kb;en-us;824905

Steve,
Thanks again for your response. The above link is the knowledge base article
that describes the problem I am having. DNS is configured correctly. The 2000
and 2003 Servers both point to themselves as the preferred DNS Servers. When
looking at the properties of the event failure, it is a problem with
kerberos(service ticket request) is what it says, however it doesn't give
much information. I am hesitant to upgrade the domain to native mode which
may help, even though we have no systems below Windows 2000. I am afraid
there may still be legacy applications that won't work, as we run AS400
mainframe with Domino Server. I am still learning the dcdiag and netdiag
commands. ???

"Steven L Umbach" wrote:

> I see I forgot to provide the dns link. Proper dns configuration is critical
> in an Active Directory domain and is always the first thing to check. The
> domain controllers must point only to themselves and/or other domain
> controllers as their preferred dns server in tcp/ip properties as shown by
> ipconfig /all. Then W2K XP Pro/W2003 domain members must point only to
> domain controllers [NEVER an ISP dns server] as their preferred dns servers.
>
> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>
> If you have downlevel computers such as NT4.0/W98 in the domain it can be
> normal to see logon failures in the security logs as they can not use
> kerberos authentication. You could match up computer names to operating
> systems to see if that is the case.
>
> Netdiag and dcdiag are two extremely helpful tools for checking and
> diagnosing network connectivity and domain configuration. I would first run
> netdiag on the domain controller where you see these events and on one of
> the domain computers that is showing as a failed logon. In particular for
> netdiag look for failed tests, warnings, errors relating to dns, dc
> discovery, kerberos, and secure channel. If you find any problems you can
> paste into a reply here for us to take a look at to see if we can help. ---
> Steve
>
>
> "Bobby28" <Bobby28@discussions.microsoft.com> wrote in message
> news:73680B64-DAA8-482F-8706-1AF0AE9E0326@microsoft.com...
> > Steven, thanks for the feedback. I have actually looked at the knowledge
> > base
> > article where event 673 (2003 Server) and 677 (2000 Server) are
> > continuously
> > logged in the event viewer. It described my problem almost to the T.
> > However,
> > I contacted Microsoft for the hotfix and it did'nt help. The events are
> > still
> > logged. I tried the netdiag and dcdiag yesterday, although I wasn't
> > exactly
> > sure what I was looking at! I am new to the company and alot has been
> > neglected here, I only have 2 Servers here the 2000 and 2003. If you could
> > help with anymmore feedback or possibly what switches I could use for the
> > diagnostic tools I greatly appreciate it. Thanks,
> > Bobby
> >
> > "Steven L Umbach" wrote:
> >
> >> If you can post the whole Event ID it may help. See the KB link below to
> >> make sure your dns configuration is correct for the domain and run the
> >> netdiag support tool on the domain controllers and domain computer that
> >> this
> >> event is related to. Look for any failed tests/warnings/errors that may
> >> indicate the problem. The support tools are on the install disk of the
> >> appropriate operating system in the support tools folder. See the link
> >> below
> >> for results for that error from EventID.net. --- Steve
> >>
> >> http://www.eventid.net/display.asp?eventid=673&eventno=2707&source=Security&phase=1
> >>
> >>
> >> "Bobby28" <Bobby28@discussions.microsoft.com> wrote in message
> >> news:32A03956-F79F-49F6-B86D-423EF591F9B6@microsoft.com...
> >> > 2003 Server displaying this message in Event Viewer.
> >> >
> >> > Type: Failure Audit
> >> > Source: Security
> >> > Category: Account logon
> >> > Event ID: 673
> >> > User: System
> >> >
> >> > I am also having the trouble with a 2000 Server but with a different
> >> > Event
> >> > ID #. I found the solution I thought in the knowledge base and called
> >> > Microsoft for the hotfix, but it hasn't helped the problem. This is
> >> > effecting my logon scripts and Group Policy from processing. Thanks in
> >> > advance for any help.
> >> >
> >> >
> >>
> >>
> >>
>
>
>

Relevant Pages

  • Re: netlogon error
    ... Roger, Thanks for the help. ... I have run the netdiag /fix and it looks like ... For this, run the DNS ... > AD integrated zones as are on the other DNS service. ...
    (microsoft.public.windows.server.security)
  • Re: cname error
    ... First try running a netdiag /fix on your domain controller ... LAN in DNS, and that it is accepting dynamic ... manually insert the CNAME record that is described ... Then re-run netdiag and make sure the log trace is ...
    (microsoft.public.win2000.dns)
  • Re: netlogon error
    ... Ran netdiag and dcdiag no change. ... Went into AD Sites & Services, under Security added SELF and checked ... > not in DNS and hence not visible in results of the KCC ...
    (microsoft.public.windows.server.security)
  • Re: KCC error
    ... Netdiag came up with two errors. ... DNS registration for the VPN server was ... error that appears when clients try to connect. ...
    (microsoft.public.win2000.ras_routing)
  • Re: \computername error: The target account name is incorrect.
    ... But I ran netdiag /fix and it ... [WARNING] ... But I'm not sure if it was there before and Microsoft article mentiones it ...
    (microsoft.public.win2000.networking)