Critical Errors in Security Log

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

---

• From: "James Shirey Jr." <inknpaper@xxxxxxxxxxx>
• Date: Thu, 09 Feb 2006 16:30:55 -0500

---

Hello,
I have been getting Critical Errors in the security Log that I can't seem to
get figured out. I have searched several sites that explain basic causes but
no fix. The first error is an Event ID: 673 and Source being Security.
The error reads:
____________________________________________________________________________

Service Ticket Request:
 
User Name:
Mark@xxxxxxxx
 
User Domain:
XX.LOCAL
 
Service Name:
krbtgt/XX.LOCAL
 
Service ID:
-
 
Ticket Options:
0x2
 
Ticket Encryption Type:
-
 
Client Address:
192.168.xx.xx
 
Failure Code:
0x20
 
Logon GUID:
-
 
Transited Services:
-
_________________________________________________________________________

The second error is an Event ID:560 with the Source being Security
The error reads:
_________________________________________________________________________

Object Open:
 
Object Server:
Security
 
Object Type:
File
 
Object Name:
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\CONFIG\security.config.cch.new
 
Handle ID:
-
 
Operation ID:
{0,1253008035}
 
Process ID:
9320
 
Image File Name:
C:\WINNT\system32\inetsrv\w3wp.exe
 
Primary User Name:
NETWORK SERVICE
 
Primary Domain:
NT AUTHORITY
 
Primary Logon ID:
(0x0,0x3E4)
 
Client User Name:
-
 
Client Domain:
-
 
Client Logon ID:
-
 
Accesses:
READ_CONTROL
 
SYNCHRONIZE
 
ReadData (or ListDirectory)
 
WriteData (or AddFile)
 
AppendData (or AddSubdirectory or CreatePipeInstance)
 
ReadEA
 
WriteEA
 
ReadAttributes
 
WriteAttributes
 
 
 
Privileges:
-
 
Restricted Sid Count:
0
 
Access Mask:
0x12019F
________________________________________________________

If anyone has any suggestions I would be very grateful,
Confused in SBS land,
James Shirey

.

---

• Follow-Ups:
  • RE: Critical Errors in Security Log
    • From: "Brandy Nee [MSFT]"

• Prev by Date: Re: RWW Publishing
• Next by Date: Re: Folder contents are different when logged in remotely?
• Previous by thread: RE: Critical Errors in Security Log
• Next by thread: RE: Critical Errors in Security Log
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Help with Security Logs ... Security" means that the event was generated by the security ... Primary User is the user context that actually performed the access; ... Client User is the user on behalf of whom the file was accessed. ... The Logon ID fields for Primary User and Client User identify a unique logon ... (microsoft.public.security) RE: SecurityException in Clipboard.SetDataObject ... does the images copy operation by himself. ... Security is all about trust. ... If the client user does the copy himself, this means the client user trusts ... (microsoft.public.dotnet.framework.windowsforms) RE: SecurityException in Clipboard.SetDataObject ... recent contents sent to the Clipboard. ... Security is all about trust. ... If the client user does the copy himself, this means the client user trusts ... (microsoft.public.dotnet.framework.windowsforms) Re: Is this normal behavior or an attack? ... running code inside of w3wp.exe that require those resources. ... process identity and denying the security breach. ... Client User Name: IUSR_XXXXX-DC ... (microsoft.public.inetserver.iis.security) Re: How to resolve GUID: %{771727b1-31b8-4cdf-ae62-4fe39fadf89e} ... IADsNameTranslate wraps DsCrackNames (for all the scripters ... >> Primary User Name: NEWW2K3$ ... >> Primary Logon ID: ... >> Client User Name: Administrator ... (microsoft.public.windows.server.active_directory)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-02