RE: Event log Error - Security

Thanks for your reply, Brandy!
> I need to confirm with you: is 192.168.10.202 is one of your client
> computer who is running Windows 2000 or Windows XP?
That is the problem - it is NOT one of my computers - actually not any
device on the network I can't ping it!
--
Nikki It Admin


""Brandy Nee [MSFT]"" wrote:

> Hello Nikki,
>
> Thank you for posting to the SBS Newsgroup.
>
> I understand that you found Event id 537 with a substatus code of
> 0xC0000133 in your Security Event Log on your SBS server. If I have
> misunderstood the issue, please let me know.
>
> I need to confirm with you: is 192.168.10.202 is one of your client
> computer who is running Windows 2000 or Windows XP?
>
> If it is the case, based on my experience, this issue happens because your
> client computer tries to use Kerberos authentication before using NTLM
> authentication, the computer tries to contact the Windows 2003 domain
> controller by using Kerberos. A logon type of 3 translates to Network. The
> substatus code: 0xc0000133 translates to STATUS_TIME_DIFFERENCE_AT_DC.
> Therefore, according to this information, I suspect that the client is
> failing to authenticate to the domain controller because there is a time
> difference (greater than 5 minutes) between the two computers. Thus, the
> Kerberos authentication fails as it is unable to pass the time verification.
>
> So, please log into your client and double check to make sure that the
> time, data, and year are the same to that on SBS 2003. Please notice that
> they may be in different time zone. Otherwise, you should make sure the
> Windows Time Service is started and its startup type is set as "Automatic"
> on all client computers which the events indicate, and then configure time
> service on the Windows 2000 computer to synchronize time from the server.
> By default, the DC is the time server and it has this service enabled.
>
> In addition, please perform the following steps on your SBS 2003 server:
>
> 1. Check the time zone setting. Make sure the time zone setting is correct.
>
> 2. Make sure the Windows Time Service's startup is set as 'Automatic'.
>
> 3. Go to Start, Run 'regedit' (without the quotation marks) and press
> Enter. In the Registry Editor, navigate to the following key:
>
> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
>
> In the right panel, double-click 'Type'. If the value data is 'NoSync',
> change it to 'Nt5DS'. Go to services console and restart the Windows Time
> service.
>
> 4. After doing the above steps, reboot the client workstation and then try
> to logon the domain. If the problem still occurs, please open a command
> prompt on the workstation the event 537 complains, type ''net time
> \\<SBS_Server_Name> /set /Y" (without the quotation marks) and press
> Enter. Does the issue disappear?
>
> Hope this information helps. If anything unclear, please let me know. I am
> looking forward to hearing from you.
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> --------------------
> >Thread-Topic: Event log Error - Security
> >thread-index: AcYBLUhIUHXZj23RSYyYMkAFQH0jbw==
> >X-WBNR-Posting-Host: 203.25.66.146
> >From: "=?Utf-8?B?Tmlra2k=?=" <Nikki@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >Subject: Event log Error - Security
> >Date: Wed, 14 Dec 2005 20:09:02 -0800
> >Lines: 28
> >Message-ID: <B52EAC77-1E2C-405F-BA36-821A91620DFF@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:230291
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Hello!
> >I am getting this error on daily basis (in my Server Report email) :
> >Logon Failure:
> > Reason: An error occurred during logon
> > User Name:
> > Domain:
> > Logon Type: 3
> > Logon Process: Kerberos
> > Authentication Package: Kerberos
> > Workstation Name: -
> > Status code: 0xC000006D
> > Substatus code: 0xC0000133
> > Caller User Name: -
> > Caller Domain: -
> > Caller Logon ID: -
> > Caller Process ID: -
> > Transited Services: -
> > Source Network Address: 192.168.10.202
> > Source Port: 3922
> >
> >The strange thing is - there is no device with that address on our
> network(
> >subnet is right) and if I ping it - there is no answer.
> >So, can you, please, tell me where can I found the cause and get rid of
> the
> >error(it doesn't cause any problems, but it is coming up every day).
> >Thanks a lot!
> >
> >--
> >Nikki It Admin
> >
>
>
.

Relevant Pages

  • RE: How to start/stop windows service on a remote machine?
    ... impersonate the client user(authenticated via integrated windows ... authentication in IIS) and access some remote protected resource(windows ... the problem you meet is a typical windows ... want to continue access other remote machine, ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: SP1 und Netzwerkauthentifizierung 802.1x
    ... Es gab mal ein Problem wenn das Client Certificat ... 953650 You cannot connect to an 802.1X wired network after you upgrade to Windows XP Service Pack 3 ... 838502 802.1x client authentication fails when you connect to a Windows Server ... IAS Best Practices: ...
    (microsoft.public.de.windows.vista.installation)
  • RE: 802.1x, Computers, Wired Security
    ... client to use EAP-TLS. ... Authentication-Provider = Windows ... Wired 802.1X Authentication failed. ... Network Adapter: Broadcom NetXtreme Gigabit Ethernet - Packet Scheduler ...
    (microsoft.public.windows.server.active_directory)
  • RE: IEEE 802.1x & dynamic vlan assignment
    ... You must configure the 802.1X client to send an EAP-logoff ... user authentication behavior of Windows XP and Windows Server 2003. ... - Computer authentication mode. ...
    (Focus-Microsoft)
  • RE: Sharepoint prompts for login credentials when not necessary
    ... \par Based on my experience, if this issue occurs on all the client, you need to check the Authentication Settings: ... \par Also, add the SharePoint site to your IE trusted zone, and make sure the "Automatic logon with current user name and password" is selected under User Authentication section in the Trusted Sites Security Settings. ... \par You are prompted to enter your credentials when you access an FQDN site by using a Windows Vista-based client computer that has no proxy configured ... \par login prompt and I can get in/open the document or do whatever I was doing. ...
    (microsoft.public.sharepoint.windowsservices)
Loading