failure events 537 and 677

David Craige

Keep getting failure events 537 and 677 for Kerberos and
krbtgt services in the Security log. The clients associated
with these errors are Win2K Pro and Win XP Pro. We just
applied SP4 because we read kb302789. We thought SP4
would fix the problem but we continue to get these failure
events in the security log. What is wrong and how can I
fix it? Thanks for your help.

David
 
Troy Bumpstead

I too get these errors along with 675. I need to find an
answer as well :(

Thanks
Troy
 
Matt Scarborough

On Wed, 14 Jan 2004 18:06:16 -0800, Troy Bumpstead wrote:
> I too get these errors along with 675. I need to find an
> answer as well :(

675 is Windows probably for KDC_ERR_CLIENT_REVOKED "Clients credentials have
been revoked." I suspect this is due to ticket-granting ticket (TGT)
expiration. If that is the case, on its own, intermittent 675 is no big
deal. The client will seek another TGT automatically. See RFC 1510.

As part of a complex issue (the additional events suggest a more complex
issue) 675 is generated when authentication fails due to bad password (such
as a recently changed password that has not replicated, e.g., session
reconnection with an old, cached password) or when Service Principal Name
(SPN) is not registered or DNS records are missing or incorrect or the SNTP
time service is not working.

On Fri, 9 Jan 2004 10:50:49 -0800, David Craige wrote:

Complete event records would be nice. Maybe 677 in this context is
KDC_ERR_S_PRINCIPAL_UNKNOWN Server not found in Kerberos database. Again, an
unregistered SPN could be the culprit.

Additional causes of these combined (537,677, 675 events) may be computer
accounts with bad passwords (<COMPUTERNAME>$ is listed as the culprit in the
Event ID), missing or incorrect DNS-style domain names as mentioned in
http://support.microsoft.com/?kbid=328570
or stale COMPUTERNAME$ accounts (joining COMPUTERNAME to Domain A, then
joining COMPUTERNAME to Domain B at a time when Domain B already trusts
Domain A.)

With or without hotfixes you need to investigate before or after with tools
like LDIFDE
http://support.microsoft.com/?kbid=237677
netdom
http://support.microsoft.com/?kbid=329721
DNSLint
http://support.microsoft.com/?kbid=321045
klist
kerbtray
netdiag
http://www.microsoft.com/windows2000/techinfo/reskit/tools/default.asp
setspn
http://www.microsoft.com/windows2000/techinfo/reskit/default.asp

I heard Windows Server 2003 SP1 will have "Fix It" "OK" and "Cancel" buttons
in the Event Log for Event ID 537.

Matt Scarborough 2004-01-15
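
An added example, not part of the posts above and not a Microsoft tool: a Python triage routine that reads the Failure Code from complete 675/677 records and maps it to its RFC 1510 error name, so each failure points at one of the causes listed in the reply. The field labels and the sample records are constructed assumptions modelled on the Windows 2000/2003 event descriptions.

```python
import re
from collections import Counter

# RFC 1510 error codes, each paired with the cause from the thread it points to.
KRB_ERRORS = {
    0x07: ("KDC_ERR_S_PRINCIPAL_UNKNOWN", "SPN not registered, or DNS wrong"),
    0x12: ("KDC_ERR_CLIENT_REVOKED", "client credentials revoked"),
    0x18: ("KDC_ERR_PREAUTH_FAILED", "bad or stale password"),
    0x20: ("KRB_AP_ERR_TKT_EXPIRED", "ticket expired"),
    0x25: ("KRB_AP_ERR_SKEW", "clock skew, check the time service"),
}
# Assumed field labels in the event description text.
FIELD = re.compile(
    r"^[ \t]*(User Name|Service Name|Failure Code):[ \t]*(\S.*?)[ \t]*$", re.M)

def classify(event_id, description):
    """Turn one event record into (event_id, account, service, error, hint)."""
    f = dict(FIELD.findall(description))
    account = f.get("User Name", "?")
    service = f.get("Service Name", "?")
    try:
        code = int(f.get("Failure Code"), 16)   # logged in hex, e.g. 0x18
    except (TypeError, ValueError):
        return (event_id, account, service,
                "NO_FAILURE_CODE", "need the complete event record")
    name, hint = KRB_ERRORS.get(
        code, (f"UNMAPPED_0x{code:X}", "look up the code in RFC 1510"))
    if account.endswith("$") and code == 0x18:
        hint = "computer account password out of sync"
    return (event_id, account, service, name, hint)

def triage(records):
    """Count identical failures so the most frequent one sorts first."""
    return Counter(classify(eid, text) for eid, text in records).most_common()

# Constructed sample records (names and addresses are placeholders).
SAMPLE = [
    (675, "Pre-authentication failed:\n User Name: WKSTN01$\n"
          " Service Name: krbtgt/EXAMPLE.LOCAL\n Failure Code: 0x18\n"
          " Client Address: 192.0.2.10"),
    (675, "Pre-authentication failed:\n User Name: WKSTN01$\n"
          " Service Name: krbtgt/EXAMPLE.LOCAL\n Failure Code: 0x18\n"
          " Client Address: 192.0.2.10"),
    (677, "Service Ticket Request Failed:\n User Name: jdoe\n"
          " Service Name: HOST/fileserver\n Failure Code: 0x7\n"
          " Client Address: 192.0.2.11"),
]

if __name__ == "__main__":
    for key, count in triage(SAMPLE):
        print(count, *key, sep=" | ")
```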
 
