Account logon failure 673

Guest
Archived from groups: microsoft.public.win2000.security

We have 2 2003 domain controllers, both are recording a logon failure, id 673
with the following data

User: NT Authority/system
service name: host/myserver.domain name
Ticket options 0X40830000
Client address 127.0.0.1
Failure code 0XD

I haven't found any help in the knowledge base. Any help would be
appreciated.

Thanks, Robert
 
Guest

Robert,

Event 673 is the Service Ticket Request event (for more info see the event
resource below or Kerb Authn Tech Ref Tools & Settings). Looks like you have
a failure code 0xD - KDC_ERR_BADOPTION: KDC cannot accommodate requested
option (See TS Kerb Err WP for details). This is an error that typically
does not cause you any problems since if the TGT is about to expire your
system will request a new one. However, if you are trying to use constrained
delegation in Windows 2000 then you should rethink your scenario since
Windows 2000 does not support constrained delegation. If you want
constrained delegation then you need to use Windows Server 2003 Active
Directory (domain).

Does that answer your question?

Resources:

Kerberos Authentication in Windows Server 2003 web page has lots of Kerberos
Authentication resources:
http://www.microsoft.com/kerberos

Troubleshooting Kerberos Errors whitepaper:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx

Our resource Windows Server 2003 Events and Errors is off the TechNet Menu
under Troubleshooting & Support as the Events and Errors Message Center. It
has the following URL:
http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20Server%202003&ProdName=Windows%20Operating%20System&MajorMinor=5.2&LCID=1033

Below is the entry for your error:
http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Security&EvtID=673&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2

--
Michiko Short [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.

"Robert J" <RobertJ@discussions.microsoft.com> wrote in message
news:3A2A7DEF-0438-46B7-8795-5721CB7A336F@microsoft.com...
> We have 2 2003 domain controllers, both are recording a logon failure, id
> 673
> with the following data
>
> User: NT Authority/system
> service name: host/myserver.domain name
> Ticket options 0X40830000
> Client address 127.0.0.1
> Failure code 0XD
>
> I haven't found any help in the knowledge base. Any help would be
> appreciated.
>
> Thanks, Robert
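
Added example, not part of the original posts: a small Python decoder for the fields of the event 673 record quoted above, turning the Ticket options bitmask into KDCOptions flag names and the Failure code into its Kerberos error name. The flag names come from RFC 4120 (bit 14 from MS-SFU, bit 15 from RFC 6806); the function names and the field parser are assumptions made for this illustration.

```python
import re

# KDCOptions bit names; bit 0 is the most significant bit of the 32-bit value.
KDC_OPTIONS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "allow-postdate", 6: "postdated", 8: "renewable",
    11: "opt-hardware-auth", 14: "cname-in-addl-tkt", 15: "canonicalize",
    26: "disable-transited-check", 27: "renewable-ok",
    28: "enc-tkt-in-skey", 30: "renew", 31: "validate",
}

# Subset of the Kerberos error codes defined in RFC 4120.
KRB_ERRORS = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x07: "KDC_ERR_S_PRINCIPAL_UNKNOWN",
    0x0D: "KDC_ERR_BADOPTION",
    0x18: "KDC_ERR_PREAUTH_FAILED",
    0x20: "KRB_AP_ERR_TKT_EXPIRED",
    0x25: "KRB_AP_ERR_SKEW",
}

FIELD = re.compile(
    r"^\s*(user|service name|ticket options|client address|failure code)"
    r":?\s+(.+?)\s*$", re.I | re.M)

def decode_options(value):
    """Return the names of the KDCOptions bits set in a 32-bit mask."""
    return [KDC_OPTIONS.get(bit, f"bit-{bit}")
            for bit in range(32) if value & (1 << (31 - bit))]

def parse_event(text):
    """Parse the event 673 fields as they appear in the post and decode them."""
    fields = {k.lower(): v for k, v in FIELD.findall(text)}
    code = int(fields["failure code"], 16)
    return {
        "service": fields.get("service name"),
        "client": fields.get("client address"),
        "options": decode_options(int(fields["ticket options"], 16)),
        "failure": KRB_ERRORS.get(code, f"unknown (0x{code:X})"),
    }

# Field values copied from the event data quoted in the thread.
SAMPLE = """User: NT Authority/system
service name: host/myserver.domain name
Ticket options 0X40830000
Client address 127.0.0.1
Failure code 0XD"""

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```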
 
Guest

Michiko,
Thanks for the information. I will check out the resources you indicated.
We are not trying to do constrained delegation, we are using win 2003 server.

"Michiko Short [MSFT]" wrote:

> Robert,
>
> Event 673 is the Service Ticket Request event (for more info see the event
> resource below or Kerb Authn Tech Ref Tools & Settings). Looks like you have
> a failure code 0xD - KDC_ERR_BADOPTION: KDC cannot accommodate requested
> option (See TS Kerb Err WP for details). This is an error that typically
> does not cause you any problems since if the TGT is about to expire your
> system will request a new one. However, if you are trying to use constrained
> delegation in Windows 2000 then you should rethink your scenario since
> Windows 2000 does not support constrained delegation. If you want
> constrained delegation then you need to use Windows Server 2003 Active
> Directory (domain).
>
> Does that answer your question?
>
> Resources:
>
> Kerberos Authentication in Windows Server 2003 web page has lots of Kerberos
> Authentication resources:
> http://www.microsoft.com/kerberos
>
> Troubleshooting Kerberos Errors whitepaper:
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/tkerberr.mspx
>
> Our resource Windows Server 2003 Events and Errors is off the TechNet Menu
> under Troubleshooting & Support as the Events and Errors Message Center. It
> has the following URL:
> http://www.microsoft.com/technet/support/ee/search.aspx?DisplayName=Windows%20Server%202003&ProdName=Windows%20Operating%20System&MajorMinor=5.2&LCID=1033
>
> Below is the entry for your error:
> http://www.microsoft.com/technet/support/ee/result.aspx?EvtSrc=Security&EvtID=673&ProdName=Windows+Operating+System&LCID=1033&ProdVer=5.2
>
> --
> Michiko Short [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> Please do not send e-mail directly to this alias. This alias is for
> newsgroup purposes only.
>
> "Robert J" <RobertJ@discussions.microsoft.com> wrote in message
> news:3A2A7DEF-0438-46B7-8795-5721CB7A336F@microsoft.com...
> > We have 2 2003 domain controllers, both are recording a logon failure, id
> > 673
> > with the following data
> >
> > User: NT Authority/system
> > service name: host/myserver.domain name
> > Ticket options 0X40830000
> > Client address 127.0.0.1
> > Failure code 0XD
> >
> > I haven't found any help in the knowledge base. Any help would be
> > appreciated.
> >
> > Thanks, Robert
>
>
>