Re: Event ID 537: Error at Logon
- From: v-yanniw@xxxxxxxxxxxxxxxxxxxx ("Jenny wu [MSFT]")
- Date: Thu, 25 Aug 2005 12:52:30 GMT
Hi Trevor,
Thanks for you update!
Did the issue happen in the xp workstation? Please double check it in other
XP workstations.
If that, I think the SBS server configuration is fine and this is a client
side configuration. Usually, we will do Windows XP issue in the Windows XP
Newsgroup. For your convenience, I will help you troubleshoot it here.
1. On this Windows XP Client workstation, please make sure that "time zone
setting" and "daily day time saving" configuration is correct and same with
your SBS server.
2, Run the following command to set the SBS server as Time server of your
client workstation
net time \\SBSServerName /Set /Yes
3. Use the following command to force a synchronization
w32tm /resync
4. Please use the following command on the client workstation and test the
result. Please let me know the result.
w32tm /monitor /computers:localhost
5. Please let me know if this client workstation has any issue to access
the server share and logon on domain?
Furthermore, as a server side support engineer, we will focus on the whole
network performance and keep the server running consistent as our goal. If
there is only 1 or 2 client workstation has critical issue such as infected
with virus and it affect the server running and whole network, we would
like to suggest backup important personal data and clean install this
workstation. This could keep the whole network safe and secure other good
workstation.
Regarding the Critical Errors in System Log, would you please collect
following information for further troubleshooting?
1. Have you installed any application other than SBS itself on this box?
Such as Microsoft MOM server?
2. Have you installed any third-party application on this server?
3. Have you encounter any error when you are using SBS server or any other
application on this box?
4 Please paste the accurate error event log in the newsgroup.
5 Please try clean boot in the XP workstation
A Clean Boot will allow us to isolate any device drivers or programs that
are loading at startup that may be causing a conflict with other device
drivers or programs that are installed in your computer.
1) Run MSCONFIG.EXE.
2) In the Services tab, click "Hide All Microsoft Services" and click
"Disable All".
3) In the Startup tab, click "Disable All". Click OK. (This will
temporarily prevent third-party programs from running automatically during
start-up.)
4) Restart the computer and check whether the problem still persists.
If the problem does not occur, it indicates that the problem is related to
one application or service we have disabled. You can use the MSCONFIG tool
again to re-enable the disabled item one by one to find out the culprit.
I appreciate your time and look forward to hearing from you.
Have a nice day!
Best Regards,
Jenny Wu
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Trevor Clark" <thetrev68 @ gmail.com>
>References: <u3DP0u#pFHA.3800@xxxxxxxxxxxxxxxxxxxx>
<RwwN9kIqFHA.788@xxxxxxxxxxxxxxxxxxxxx>
>Subject: Re: Event ID 537: Error at Logon
>Date: Wed, 24 Aug 2005 12:49:20 -0500
>Lines: 211
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>X-RFC2646: Format=Flowed; Original
>Message-ID: <#E85oQNqFHA.3108@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.sbs
>NNTP-Posting-Host: mail.tadano-cranes.com 66.162.85.234
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:147435
>X-Tomcat-NG: microsoft.public.windows.server.sbs
>
>Jenny,
>
>Thanks for the information. I performed the commands at both the client
and
>server, but the repeated failed logins still occur.
>
>I also notice now there is a lot of "DCOM" errors (event id 10009, 10006)
in
>the client's system event logs. Could they be related? Surely they are
>somehow.
>
>I'll work on that error and report back if I still need assistance.
Thanks
>again for your help.
>
>-Trevor
>
>""Jenny wu [MSFT]"" <v-yanniw@xxxxxxxxxxxxxxxxxxxx> wrote in message
>news:RwwN9kIqFHA.788@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hi Trevor,
>>
>> Thanks for posting here!
>>
>> According to your post, I understand that you get the Event ID 537 on SBS
>> server''s security log.
>>
>> For your error information, It seems that something on the workstation is
>> failing to authenticate to the SBS server because there is a time
>> difference (greater than 5 minutes) between the two computers.
>>
>> Windows includes the W32Time Time service tool that is required by the
>> Kerberos authentication protocol. Kerberos fails if there is a time
>> difference (greater than 5 minutes) between the two computers. The
purpose
>> of the Time service is to ensure that all computers that are running
>> Windows 2000 or later in an organization use a common time.
>>
>> Please perform the following steps to see if the problem can be resolved:
>>
>> 1. On the SBS server, make sure the system time and the time zone is
>> correct.
>> 2. On the problematic client, such as 192.168.16.27, run the following
>> command:
>>
>> net time \\Server1 /set /y
>>
>> After performing the above steps, if the problem still exists, please
>> perform the following steps:
>>
>> Step 1: Make sure that the Windows Time service is running
>> =====
>>
>> The CEICW disables the Windows Time service unless you have selected a
>> broadband connection (no router). To do so:
>>
>> 1. Click Start, click Run, type "services.msc" and click OK
>> 2. Locate the Windows Time service, is it running? If it is disabled,
>> double-click the Windows Time service, change Startup type to Automatic
>> and
>> click OK.
>> 3. Right-click the Windows Time service and click Start.
>>
>> The Time service uses a hierarchical relationship that controls authority
>> and does not permit loops to ensure appropriate common time usage. All
>> client desktop computers nominate the authenticating domain controller as
>> their in-bound time partner. The PDC operations master at the root of the
>> forest (the SBS server in this case) becomes authoritative for the
>> organization, and you should configure the PDC operations master to
gather
>> the time from an external source.
>>
>> Step 2: Configure the SBS server to synchronize with an external time
>> server
>> =====
>>
>> 1. Click Start, click Run, type "cmd" (without the quotation marks) and
>> press ENTER.
>> 2. Type the following, where PeerList is a comma-separated list of Domain
>> Name System (DNS) names or Internet protocol (IP) addresses of the
desired
>> time sources:
>>
>> w32tm /config /syncfromflags:manual /manualpeerlist:PeerList
>>
>> 262680 A List of the Simple Network Time Protocol Time Servers That Are
>> Available on the Internet
>> http://support.microsoft.com/?id=262680
>>
>> 3. Run the following commands:
>>
>> w32tm /config /update
>> net stop w32time
>> net start w32time
>> w32tm /resync
>>
>> 4. Have the clients to log off and then log on to synchronize Windows
>> time.
>>
>> Try to test, how about the result?
>>
>> Additional information:
>>
>> When you run CEICW, after you select "Broadband", if you select either
>> PPPOE or "A local Router device", then it will disable the Windows Time
>> service.
>>
>> When you run CEICW, you need to select Broadband -> a Direct broadband
>> connection instead of a local router device if you want to have Windows
>> Time service enable. For a router, it might be using ISDN or a modem. To
>> prevent dial-on-demand router from constantly dialing for time updates,
it
>> is considered as a non-fulltime scenario during CEICW.
>>
>> Hope above information helps! I am currently standing by for you about
the
>> test result. I am always happy to be of further assistance.
>>
>> Have a nice day!
>>
>> Best Regards,
>>
>> Jenny Wu
>> Microsoft CSS Online Newsgroup Support
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
corresponding
>> newsgroups so that they can be resolved in an efficient and timely
manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Trevor Clark" <thetrev68 @ gmail.com>
>>>Subject: Event ID 537: Error at Logon
>>>Date: Tue, 23 Aug 2005 09:05:21 -0500
>>>Lines: 43
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>>X-RFC2646: Format=Flowed; Original
>>>Message-ID: <u3DP0u#pFHA.3800@xxxxxxxxxxxxxxxxxxxx>
>>>Newsgroups: microsoft.public.windows.server.sbs
>>>NNTP-Posting-Host: mail.tadano-cranes.com 66.162.85.234
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP11.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:146991
>>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>>
>>>Hello,
>>>
>>>SBS2003 Premium with ISA2004.
>>>
>>>One of my client PC's (Windows XP SP2) has been triggering a failure
audit
>>>in the security logs of the SBS2003 server. See exact error message
>> below.
>>>I'm getting between 20,000 and 35,000 of these errors per day. The event
>>>viewer on the local box doesn't show any such errors. There doesn't
>> appear
>>>to be any negative side effects of this, however it can't be good to fill
>> up
>>>the logs like this. How can I troubleshoot this?
>>>
>>>Event Type: Failure Audit
>>>Event Source: Security
>>>Event Category: Logon/Logoff
>>>Event ID: 537
>>>Date: 8/23/2005
>>>Time: 8:54:14 AM
>>>User: NT AUTHORITY\SYSTEM
>>>Computer: TADANO3
>>>Description:
>>>Logon Failure:
>>> Reason: An error occurred during logon
>>> User Name: <user>
>>> Domain: <domain>
>>> Logon Type: 3
>>> Logon Process: Kerberos
>>> Authentication Package: Kerberos
>>> Workstation Name: -
>>> Status code: 0xC00002EE
>>> Substatus code: 0x0
>>> Caller User Name: -
>>> Caller Domain: -
>>> Caller Logon ID: -
>>> Caller Process ID: -
>>> Transited Services: -
>>> Source Network Address: -
>>> Source Port: -
>>>
>>>
>>>For more information, see Help and Support Center at
>>>http://go.microsoft.com/fwlink/events.asp.
>>>
>>>
>>>
>>
>
>
>
.
- References:
- RE: Event ID 537: Error at Logon
- From: "Jenny wu [MSFT]"
- RE: Event ID 537: Error at Logon
- Prev by Date: RE: Can't send or receive e-mail to POP3 users on same domain--HELP!
- Next by Date: Re: Best Backup Practices
- Previous by thread: RE: Event ID 537: Error at Logon
- Next by thread: Outlook and exchange
- Index(es):
Relevant Pages
|
Loading
