Kerberos Errors When Remotely Managing From another 2003 Server

[Guest W2k3 Remote Manage Causes Kerberos Error]

When I remotely manage the server from XP SP2 no error event is generated.

(Right-click My Computer | Manage | Connect to Another Computer <MyServer>)

 

When I remotely manage the server from another Windows 2003 SP2 server, I

receive the following Kerberos Logon Failure Event. It may not matter, but

it's filling my logs and become a source of irritation. It's Windows patches

are up-to-date, so I expect this is related to an unexpected security

"feature".

 

Anyone understand the root cause, and know of a fix?

 

Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 537

Date: 2/12/2008

Time: 2:23:07 PM

User: NT AUTHORITY\SYSTEM

Computer: MYSERVER

Description:

Logon Failure:

Reason: An error occurred during logon

User Name:

Domain:

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name: -

Status code: 0xC000006D

Substatus code: 0xC0000408

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: -

Source Port: -

 

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

[Guest W2k3 Remote Manage Causes Kerberos Error]

RE: Kerberos Errors When Remotely Managing From another 2003 Server

 

FYI ... of 100+ servers this is the only server that is doing this. To

attempt to fix I have ensured "time" is in sync with the domain. And about

a month ago, l deleted the account from the domain, rebuilt the server,

rejoined the domain (new computer account). Because this problem has been

ongoing on this particular server, which does several WMI perf mon calls to

many servers in all our domains.

 

This server:

- Is a member of the Forest Root Domain IAS and RAS server group (it resides

in the forest root domain)

- Is a member of 4 child domain's IAS and RAS server group

 

... after having rebuilt the server and rejoined the domain I did wait a

day or so to add this server back into the IAS and RAS server group(s)

because I wanted to make certain the old computer account deletion was

propegated out. I did find it took a longer time than expected before I was

able to place it into one of the child domain's IAS and RAS group, but I

finally was able to do it.

 

"W2k3 Remote Manage Causes Kerberos Error" wrote:

> When I remotely manage the server from XP SP2 no error event is generated.

> (Right-click My Computer | Manage | Connect to Another Computer <MyServer>)

>

> When I remotely manage the server from another Windows 2003 SP2 server, I

> receive the following Kerberos Logon Failure Event. It may not matter, but

> it's filling my logs and become a source of irritation. It's Windows patches

> are up-to-date, so I expect this is related to an unexpected security

> "feature".

>

> Anyone understand the root cause, and know of a fix?

>

> Event Type: Failure Audit

> Event Source: Security

> Event Category: Logon/Logoff

> Event ID: 537

> Date: 2/12/2008

> Time: 2:23:07 PM

> User: NT AUTHORITY\SYSTEM

> Computer: MYSERVER

> Description:

> Logon Failure:

> Reason: An error occurred during logon

> User Name:

> Domain:

> Logon Type: 3

> Logon Process: Kerberos

> Authentication Package: Kerberos

> Workstation Name: -

> Status code: 0xC000006D

> Substatus code: 0xC0000408

> Caller User Name: -

> Caller Domain: -

> Caller Logon ID: -

> Caller Process ID: -

> Transited Services: -

> Source Network Address: -

> Source Port: -

>

>

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

[Guest Thee Chicago Wolf]

Re: Kerberos Errors When Remotely Managing From another 2003 Server

 

Error@discussions.microsoft.com> wrote:

>When I remotely manage the server from XP SP2 no error event is generated.

>(Right-click My Computer | Manage | Connect to Another Computer <MyServer>)

>

>When I remotely manage the server from another Windows 2003 SP2 server, I

>receive the following Kerberos Logon Failure Event. It may not matter, but

>it's filling my logs and become a source of irritation. It's Windows patches

>are up-to-date, so I expect this is related to an unexpected security

>"feature".

>

>Anyone understand the root cause, and know of a fix?

>

>Event Type: Failure Audit

>Event Source: Security

>Event Category: Logon/Logoff

>Event ID: 537

>Date: 2/12/2008

>Time: 2:23:07 PM

>User: NT AUTHORITY\SYSTEM

>Computer: MYSERVER

>Description:

>Logon Failure:

> Reason: An error occurred during logon

> User Name:

> Domain:

> Logon Type: 3

> Logon Process: Kerberos

> Authentication Package: Kerberos

> Workstation Name: -

> Status code: 0xC000006D

> Substatus code: 0xC0000408

> Caller User Name: -

> Caller Domain: -

> Caller Logon ID: -

> Caller Process ID: -

> Transited Services: -

> Source Network Address: -

> Source Port: -

>

>

>For more information, see Help and Support Center at

>http://go.microsoft.com/fwlink/events.asp.

 

Are you still running the kerberos.dll from Server 2003 SP2?

 

Check out the following KB articles as they might be worth a look:

1. http://support.microsoft.com/kb/931192

2. http://support.microsoft.com/kb/943459

 

- Thee Chicago Wolf