EventID 534: User has not been granted requested logon type

W

Will

In general I'm familiar with Event ID 534, which is a Security Eventviewer
log message that indicates that "the user has not been granted the requested
logon type at this machine". What is confusing me is that I frequently
see these eventids with a logon type of 3 (network logon) where the username
and domain are *blank*. Workstation name is also blank. I thought
that this might be an anonymous logon request, but what is all the more
perplexing is that the logon process is Kerberos.

What are the possible sources of such a request?
 
W

Will

I see these messages on Windows 2000 Server SP4, and we have no XP clients
in our environment. Other ideas?
 
S

Steven L Umbach

Not offhand Will. I will look around and post back if I find anything. ---
Steve
 
G

Glenn L

turn on netlogon logging to get more detail the next time it happens..

Location of the log file - %windir%\debug

Command Prompt setting - Enable from command prompt with "NLTEST
/DBFlag:2080FFFF"

Registry Location -
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry Setting - Add the REG_SZ value "DBFlag" and set it to
0x02080fff
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Security Event ID 534 5
How do I trace a batch process? 1
The user has not been granted the requested - Error Code 534 & 538 7
logon failure: the user has not been granted the requested.... 1
Please help me in resolving the logon type 2 1
The user has not been granted the requested logon type. 2
Event ID 534 in the Security Log 1
Failed Logon Events [Event ID 4625; Logon Type 8; Procss Name: w3wp; Process: Advapi] 1

Top