Security Event ID 675

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,

I am receiving the following failure audit in the security event logs:

Pre-authentication failed:
User Name: MemberServer$
User ID: Domain\MemberServer$
Service Name: krbtgt/Domain.Com
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: X.X.X.X

Now, I've researched all incidents of this message but they always refer to
an actual user account whereby the password was typed incorrectly. I cannot
find anything regarding a computer account. The messages occur
approximately every minute.

This server is a front-end Exchange server. Could this be causing any
issues?

Any help would be greatly appreciated.

Thanks,
Greg F.
 

damon

Distinguished
Apr 7, 2004
61
0
18,630
Archived from groups: microsoft.public.win2000.security (More info?)

I too am getting these events, the server is also an exchange server
if you find the answer to this I would also be intrested in it..
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

The following KB article about troubleshooting kerberos errors for IIS may
help. I would also run netdiag support tool on it looking for any failures
pertaining to kerberos, dns, dc discovery, or secure channel and verify that
the time is in synch between the server and domain controller as kerberos
only allows for a five minute time skew or kerberos authentication will
fail. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;326985

"Greg F." <someone@microsoft.com> wrote in message
news:%23sXjJ62xEHA.2572@tk2msftngp13.phx.gbl...
> Hi All,
>
> I am receiving the following failure audit in the security event logs:
>
> Pre-authentication failed:
> User Name: MemberServer$
> User ID: Domain\MemberServer$
> Service Name: krbtgt/Domain.Com
> Pre-Authentication Type: 0x2
> Failure Code: 0x18
> Client Address: X.X.X.X
>
> Now, I've researched all incidents of this message but they always refer
> to an actual user account whereby the password was typed incorrectly. I
> cannot find anything regarding a computer account. The messages occur
> approximately every minute.
>
> This server is a front-end Exchange server. Could this be causing any
> issues?
>
> Any help would be greatly appreciated.
>
> Thanks,
> Greg F.
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Thank you very much for responding. This gives me another direction to
search. I will post if I find anything out.

-Greg F.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:OQvld.606770$8_6.262179@attbi_s04...
> The following KB article about troubleshooting kerberos errors for IIS
> may help. I would also run netdiag support tool on it looking for any
> failures pertaining to kerberos, dns, dc discovery, or secure channel and
> verify that the time is in synch between the server and domain controller
> as kerberos only allows for a five minute time skew or kerberos
> authentication will fail. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;326985
>
> "Greg F." <someone@microsoft.com> wrote in message
> news:%23sXjJ62xEHA.2572@tk2msftngp13.phx.gbl...
>> Hi All,
>>
>> I am receiving the following failure audit in the security event logs:
>>
>> Pre-authentication failed:
>> User Name: MemberServer$
>> User ID: Domain\MemberServer$
>> Service Name: krbtgt/Domain.Com
>> Pre-Authentication Type: 0x2
>> Failure Code: 0x18
>> Client Address: X.X.X.X
>>
>> Now, I've researched all incidents of this message but they always refer
>> to an actual user account whereby the password was typed incorrectly. I
>> cannot find anything regarding a computer account. The messages occur
>> approximately every minute.
>>
>> This server is a front-end Exchange server. Could this be causing any
>> issues?
>>
>> Any help would be greatly appreciated.
>>
>> Thanks,
>> Greg F.
>>
>
>