RE: Critical Errors in Security Log
- From: "Chuck" <Chuck@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Feb 2006 12:20:08 -0800
I'm also recently getting these errors. The server and clients are time
synched so that's not the issue. Here is a copy of my error:
Logon Failure:
Reason: An error occurred during logon
User Name: XXXXXXXX
Domain: XXXXXXXX
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00002EE
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
This is then followed by an event id 538:
User Logoff:
User Name: XXX
Domain: XXXXXX
Logon ID: (0x0,0x2B002956)
Logon Type: 3
which is then followed by event id 680:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: XXXXXX
Source Workstation: SALES12
Error Code: 0x0
which is then followed by event id 576
Special privileges assigned to new logon:
User Name: XXXXXX
Domain: XXXXXXXXXX
Logon ID: (0x0,0x2B002978)
Privileges: SeLoadDriverPrivilege
SeImpersonatePrivilege
Which is then follwed by event id 540
Successful Network Logon:
User Name: XXXXXXX
Domain: XXXXXXXX
Logon ID: (0x0,0x2B002978)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: SALES12
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.100.48
Source Port: 3100
Which is then followed by yet another eventid 538:
User Logoff:
User Name: XXX
Domain: XXXXXX
Logon ID: (0x0,0x2B002956)
Logon Type: 3
All of the above are for the same user, which is a good domain user, and the
ip address is correct for the network. There are thousands of these each and
every day and have just started within the last week. The only thing that has
changed is the addition of an external fax modem and an update of the IMF.
This doesn't appear to be affecting performance but it's driving me nuts and
I'd really like to get it fixed.
Thank you all in advance for any help or guidance that you can give.
Chuck
"Barry McConomy" wrote:
Hi.
I have recently started to get a lot of "Critical Errors in Security Log"
(5,448), see below.
Can anybody advise/help?
Regards
Barry
Source: Security
Event ID: 537
Logon Failure:
Reason: An error occurred during logon
User Name: Roly
Domain: JFP
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC00002EE
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port:
- References:
- Critical Errors in Security Log
- From: Barry McConomy
- Critical Errors in Security Log
- Prev by Date: Re: No ISP server email stored
- Next by Date: Re: Users Shared Folders Permissions
- Previous by thread: Critical Errors in Security Log
- Next by thread: Critical Errors in Security Log
- Index(es):
Relevant Pages
|
