Home All Groups Group Topic Archive Search About

Security logs full of failed audits

microsoft.public.windows.server.general
Author
4 Apr 2007 8:54 PM
Deanna
I have a client with Windows 2003 Server Standard SP1 that is a domain
controller.  In the Security logs of the Event Viewer, I have tons of failed
audits (event id 672) for a user that is no longer in Active Directory.  i
have browed the Internet looking for a fix but I haven't found one.  Can you
help?  Below is the data from the event:

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    672
Date:        4/4/2007
Time:        2:38:55 PM
User:        NT AUTHORITY\SYSTEM
Computer:    GATE
Description:
Authentication Ticket Request:
    User Name:        beaver
    Supplied Realm Name:    domain.LOCAL
    User ID:            -
    Service Name:        krbtgt/domain.LOCAL
    Service ID:        -
    Ticket Options:        0x40810010
    Result Code:        0x6
    Ticket Encryption Type:    -
    Pre-Authentication Type:    -
    Client Address:        192.168.7.171
    Certificate Issuer Name:   
    Certificate Serial Number:   
    Certificate Thumbprint:

Author
5 Apr 2007 4:40 PM
Theo Verweij
Looks like there is someone or something still trying to logon on this
account. Try to find the specified client (192.168.7.171), and see what
is trying to logon.

Deanna wrote:
Show quoteHide quote
> I have a client with Windows 2003 Server Standard SP1 that is a domain
> controller.  In the Security logs of the Event Viewer, I have tons of failed
> audits (event id 672) for a user that is no longer in Active Directory.  i
> have browed the Internet looking for a fix but I haven't found one.  Can you
> help?  Below is the data from the event:
>
> Event Type:    Failure Audit
> Event Source:    Security
> Event Category:    Account Logon
> Event ID:    672
> Date:        4/4/2007
> Time:        2:38:55 PM
> User:        NT AUTHORITY\SYSTEM
> Computer:    GATE
> Description:
> Authentication Ticket Request:
>      User Name:        beaver
>      Supplied Realm Name:    domain.LOCAL
>      User ID:            -
>      Service Name:        krbtgt/domain.LOCAL
>      Service ID:        -
>      Ticket Options:        0x40810010
>      Result Code:        0x6
>      Ticket Encryption Type:    -
>      Pre-Authentication Type:    -
>      Client Address:        192.168.7.171
>      Certificate Issuer Name:   
>      Certificate Serial Number:   
>      Certificate Thumbprint:   
>

Bookmark and Share

Post Other interesting topics
One Domain Two IP Subnets
Windows Time Service
Automated Folder replication between Windows Servers.
Server will not reboot with software mirrored drives
Setting shutdown event tracker programmatically
Can I modify logout times to a specific day?
stop and start a service automaticly
ASPNET 2.0 service packs and patches
Windows immediately forces logoff upon logging in
Group policy remote location