Security Event ID 534

February 23, 2005 3:55:02 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Hello,

I am seeing a lot of these Security Event Log errors on my Windows 2000
Server.

Type: Audit Failure
Source: Security
Event ID: 534
Event Time: <Date and Time>
User: NT AUTHORITY\SYSTEM
Computer: <computername>
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -

The error seems to be saying that the SYSTEM account is trying to log on from
the Network (logon type 3) and is failing. However I don't understand why the
local System account would be accessing the server from the network! Doesn't
make sense to me.

Any light that could be shed on why I'm getting these errors would be a huge
help.

Many Thanks

Richard

February 24, 2005 1:34:54 AM

I am not sure exactly what is going on, but the reason would be a lack of
privilege for the user right to access this computer from the network. You can
open Local Security Policy, go to security settings/local policies/user
rights, and check that user right, and also deny access to this computer from
the network, which will override any allow settings, to make sure it is correct.
Normally at least users and administrators have the user right to access this
computer from the network. Check the application and system logs to see if there
are any other possible events correlating to these errors by time. ---- Steve

February 24, 2005 1:34:55 AM

Steven, thanks for the reply...

I have checked the "deny access from the network" local policy and there is
nothing specified. Also there are no corresponding events in the app and
system logs.

I'm still stumped...

February 24, 2005 4:11:58 AM

Hmm. Is anybody being denied access to the computer or is anything else failing
or not working right?? How often are these events showing up?? Is this a domain
controller? Try enabling auditing of privilege use and object access for failure
only to see if anything else is being recorded for those audit categories at the
same time that may provide a clue. There was a problem with Event 534 on XP Pro
computers, but have not heard about the same problem for Windows 2000. --- Steve

http://support.microsoft.com/?kbid=841399

March 22, 2005 4:04:29 AM

Thought I’d jump in here as I’m having the exact same problem, Richard.
I know you would rather have someone with answers but perhaps I can
offer some insight.

This error started occurring after we defined a domain security policy,
‘access this computer from the network’. This however broke access to
our web server. The domain policy is not additive I believe and it
took away the local member (web server), IUSR account access.
Apparently when you define a domain policy and there is no local
security policy, then you undefine the domain policy, it may still be
enforced.

When you look at the local security policy the edit buttons are greyed
out so there is no way to specify these accounts or groups with the
local policy. I don’t know how to get around this one. I was
thinking that rejoining the domain might work but as this is a web
server/exchange server I have not tried that yet.

If you can find out what account/group to add into your policy for the
krbtgt account it might fix this.

March 22, 2005 1:36:53 PM

When you "undefine" security options they often maintain the last defined
setting. Undefined in such case often means "no change". The grayed out
settings mean that security settings are being applied at a higher priority
level. Group/security policy is applied in this order where the last applied
setting applies in a normal configuration - local>site>domain>OU>child OU.
What you could do is create an OU for your server with its own Group
Policy, assign the necessary user rights in that Group Policy and then move
the server account into that OU. The OU could be a child OU to the domain
container or another OU so that you could maintain all current
Group/security policy with the exception of what is defined in the child OU
for your server. Note however if "no override" is configured on the Group
Policy that is applying the user rights to your server a child OU will not
work but that is not a usual configuration. The support tool gpresult can
help in determining what computer configuration policies are being applied
to your server. --- Steve
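
The precedence rules described in the reply above (local>site>domain>OU>child OU with the last applied setting winning, "no override", and "undefined" meaning "no change"), written out as a small Python model of the web server case from this thread. This is an added example, not part of the original posts or of any Microsoft tool; the account, group and policy names are constructed, and the member list of the domain policy is an assumption.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional, Tuple

# Application order given in the thread; a later level overwrites an earlier one.
ORDER = ["local", "site", "domain", "ou", "child_ou"]

@dataclass(frozen=True)
class Policy:
    name: str
    level: str
    # None models "Not defined": the policy does not touch the right at all.
    # A set REPLACES the whole list; it is not merged with earlier lists.
    network_logon: Optional[FrozenSet[str]] = None
    no_override: bool = False

def effective_right(policies: Iterable[Policy],
                    in_effect: FrozenSet[str] = frozenset()
                    ) -> Tuple[FrozenSet[str], str]:
    """Resolve 'Access this computer from the network' for one server.

    in_effect is the value already on the machine; it survives when no
    policy defines the right ("undefined" meaning "no change").
    """
    value, source, locked = in_effect, "previously applied value", False
    for p in sorted(policies, key=lambda p: ORDER.index(p.level)):
        if p.network_logon is None or locked:
            continue
        value, source = p.network_logon, p.name
        locked = p.no_override  # lower levels can no longer replace it
    return value, source

def may_logon(account: str, groups: Iterable[str], right: FrozenSet[str]) -> bool:
    """A type 3 logon needs the account or one of its groups in the list."""
    return account in right or any(g in right for g in groups)

# Constructed sample data: account, group and policy names are illustrative.
LOCAL = Policy("Local Security Policy", "local",
               frozenset({"Administrators", "Users", "IUSR_WEB01"}))
DOMAIN = Policy("Domain policy", "domain",
                frozenset({"Administrators", "Users"}))
SERVER_OU = Policy("Web server OU policy", "child_ou",
                   frozenset({"Administrators", "Users", "IUSR_WEB01"}))

def scenario(policies, in_effect=frozenset()):
    """Return (can the IUSR account log on over the network?, deciding policy)."""
    right, source = effective_right(policies, in_effect)
    return may_logon("IUSR_WEB01", ["Guests"], right), source

if __name__ == "__main__":
    for label, pols in [("domain policy defined", [LOCAL, DOMAIN]),
                        ("child OU policy added", [LOCAL, DOMAIN, SERVER_OU])]:
        print(label, "->", scenario(pols))
```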
