Administrator pre-authentication error on server

[1DMF]

Hi,

Any ideas why our vista client is causing the following in the server log / event viewer..

Source Event ID Last Occurrence Total Occurrences 
  Security 675 17/10/2009 05:42 63 * 
Pre-authentication failed: 
  User Name: Administrator 
  User ID: OURDOMAIN\Administrator 
  Service Name: krbtgt/hlpartnership 
  Pre-Authentication Type: 0x0 
  Failure Code: 0x19 
  Client Address: 192.168.0.14

What would be trying to logon as administrator in the background.

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!

 

[Lemon13]

see at eventid.net what applies to your situation

http://www.eventid.net/display.asp?eventid=675&eventno=62&source=Security&phase=1

M. Knorr

MCSE, MCTS, MCSA, CCNA

 

[1DMF]

How do I know what applies?

Most talk about PWD changes, this particular user has password to never expire.

And what has his userID got to do with the administrator userID.

Sorry but i didn't find your link helpful.



"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!

 

[Lemon13]

How do I know what applies?"
is it me or you that knows your enviorment?

The error event 675 with 0X19 error code indicates:

0x19 - KDC_ERR_PREAUTH_REQUIRED: Additional pre-authentication required

In domain environment, Kerberos is the default authentication protocol. In
Kerberos Authentication protocol implemented in Windows, Pre-authentication
is required by default. However, sometimes, clients may not include the
pre-authentication data in first communication with KDC (the AS_REQ). As a
result, KDC returns an error to inform client that Pre-Authentication
is required, and then an event ID 675 with the error 0x19 is recorded on
KDC.


Meanwhile, please set the flag "Do not require pre-authentication" for the
problematic account EXC$, to configure the system to not require
pre-authentication. For user accounts, we can enable this flag in User
Properties. For computer account, we should modify the attribute
UserAccountControl via the following steps:

1. On the domain controller, click Start, click Run, type in "adsiedit.msc"
(without the quotation marks) and press ENTER to launch ADSI Edit tool.
This tool is included with the Windows 2003 Support Tools. To install the
Support Tools, run Suptools.msi from the Support\Tools folder on the
Windows 2003 Server CD-ROM.
2. Locate the computer accounts DOMAIN\EXC$ under the Domain partition.
3. Right-click on "DOMAIN\EXC$", click Properties.
4. Then locate the attribute "UserAccountControl" in the Attributes list.
Click Edit.
5. Modify the value to original value plus 4194304. For example, if the
original value is 512, the new value should be 512+4194304=4194816
6. Click OK, click Apply, and click OK.
7. Quit ADSI Edit. Then you can check if the event 675 stops for these
accounts.

For more information about UserAccountControl attribute, you can refer to
the following article:

How to use the UserAccountControl flags to manipulate user account
properties

http://support.microsoft.com/kb/305144

M. Knorr

MCSE, MCTS, MCSA, CCNA

 

[1DMF]

What purpose does pre-authentication serve?

Why would a standard SBS2003 install and Vista business not be capable of this?

Does turning off pre-authentication, then pose a security risk?

Sorry if i'm not as knowledgeable as you, but windows authentication is not my field of expertise, and normally everything works fine, and has done for years.

I only get to learn about these things when something goes wrong.

"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."

"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!