S
Sammy Sanders
I have set up auditing for failed logon attempts for the
domain (single forest, single domain).
The security log keeps filling up with events that seem
meaningless, defeating the whole purpose of the auditing.
Can anyone shed any light as to what these event mean, or
is there a way to stop them from being logged?
Thenks!
The events are:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 4/16/2004
Time: 8:22:57 AM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Service Ticket Request Failed:
User Name:
User Domain:
Service Name: krbtgt/DOMAIN.LOCAL
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 172.16.220.26
and also
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 4/16/2004
Time: 8:19:10 AM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Pre-authentication failed:
User Name: user1
User ID: DOMAIN\user1
Service Name: krbtgt/DOMAIN
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 172.20.190.27
domain (single forest, single domain).
The security log keeps filling up with events that seem
meaningless, defeating the whole purpose of the auditing.
Can anyone shed any light as to what these event mean, or
is there a way to stop them from being logged?
Thenks!
The events are:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 4/16/2004
Time: 8:22:57 AM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Service Ticket Request Failed:
User Name:
User Domain:
Service Name: krbtgt/DOMAIN.LOCAL
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 172.16.220.26
and also
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 4/16/2004
Time: 8:19:10 AM
User: NT AUTHORITY\SYSTEM
Computer: DC1
Description:
Pre-authentication failed:
User Name: user1
User ID: DOMAIN\user1
Service Name: krbtgt/DOMAIN
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 172.20.190.27