Domain controller computer account expired?

Hi!

We have some domain controllers for which we have this event logged every
minutes (and more):

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 532
Date: 6/10/2009
Time: 1:11:15 AM
User: NT AUTHORITY\SYSTEM
Computer: DC01
Description:
Logon Failure:
Reason: The specified user account has expired
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: DC01
Caller User Name: DC01$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 848
Transited Services: -
Source Network Address: -
Source Port: -

However we could logon to this server without any problem and users do not
have any problem at all.

I did the following, but with no success, we are still getting the error
message:

How To Use Netdom.exe to Reset Machine Account Passwords of a Windows 2000
Domain Controller
http://support.microsoft.com/kb/260575

What's wrong with those domain controllers???

Thanks.

Claude Lachapelle
Systems Administrator, MCSE

Hello Claude,

Please post an unedited dcdiag /v, netdiag /v from that DC, also a repadmin
/showrepl.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hi!
>
> We have some domain controllers for which we have this event logged
> every minutes (and more):
>
> Event Type: Failure Audit Event Source: Security Event Category:
> Logon/Logoff Event ID: 532 Date: 6/10/2009 Time: 1:11:15 AM User: NT
> AUTHORITY\SYSTEM Computer: DC01 Description: Logon Failure: Reason:
> The specified user account has expired User Name: Domain: Logon Type:
> 3 Logon Process: Authz Authentication Package: Kerberos Workstation
> Name: DC01 Caller User Name: DC01$ Caller Domain: DOMAIN Caller Logon
> ID: (0x0,0x3E7) Caller Process ID: 848 Transited Services: - Source
> Network Address: - Source Port: -
>
> However we could logon to this server without any problem and users do
> not have any problem at all.
>
> I did the following, but with no success, we are still getting the
> error message:
>
> How To Use Netdom.exe to Reset Machine Account Passwords of a Windows
> 2000
> Domain Controller
> http://support.microsoft.com/kb/260575
> What's wrong with those domain controllers???
>
> Thanks.
>
> Claude Lachapelle Systems Administrator, MCSE
>

dcdiag, netdiag and repadmin reported no error.

What I found is related to the logon type, which is 3, which is indicating a
network logon event failure...

But with no user and no domain name, what does that mean, which user account
has expired ???

Anything else I could run or monitor to find out the source of the error?

Thanks.

"Meinolf Weber [MVP-DS]" wrote:

> Hello Claude,
>
> Please post an unedited dcdiag /v, netdiag /v from that DC, also a repadmin
> /showrepl.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > Hi!
> >
> > We have some domain controllers for which we have this event logged
> > every minutes (and more):
> >
> > Event Type: Failure Audit Event Source: Security Event Category:
> > Logon/Logoff Event ID: 532 Date: 6/10/2009 Time: 1:11:15 AM User: NT
> > AUTHORITY\SYSTEM Computer: DC01 Description: Logon Failure: Reason:
> > The specified user account has expired User Name: Domain: Logon Type:
> > 3 Logon Process: Authz Authentication Package: Kerberos Workstation
> > Name: DC01 Caller User Name: DC01$ Caller Domain: DOMAIN Caller Logon
> > ID: (0x0,0x3E7) Caller Process ID: 848 Transited Services: - Source
> > Network Address: - Source Port: -
> >
> > However we could logon to this server without any problem and users do
> > not have any problem at all.
> >
> > I did the following, but with no success, we are still getting the
> > error message:
> >
> > How To Use Netdom.exe to Reset Machine Account Passwords of a Windows
> > 2000
> > Domain Controller
> > http://support.microsoft.com/kb/260575
> > What's wrong with those domain controllers???
> >
> > Thanks.
> >
> > Claude Lachapelle Systems Administrator, MCSE
> >
>
>
>

I finally found it, this is related to services which are unable to start
using LOCAL SYSTEM.

But I'm still searching for what they are unable to start with this account,
since a lot of others services are using the same account with no problem...

And about "The specified user account has expired", this is almost
impossible with the LOCAL SYSTEM account???

Thanks.

"Claude Lachapelle" wrote:

> dcdiag, netdiag and repadmin reported no error.
>
> What I found is related to the logon type, which is 3, which is indicating a
> network logon event failure...
>
> But with no user and no domain name, what does that mean, which user account
> has expired ???
>
> Anything else I could run or monitor to find out the source of the error?
>
> Thanks.
>
> "Meinolf Weber [MVP-DS]" wrote:
>
> > Hello Claude,
> >
> > Please post an unedited dcdiag /v, netdiag /v from that DC, also a repadmin
> > /showrepl.
> >
> > Best regards
> >
> > Meinolf Weber
> > Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> > no rights.
> > ** Please do NOT email, only reply to Newsgroups
> > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> >
> >
> > > Hi!
> > >
> > > We have some domain controllers for which we have this event logged
> > > every minutes (and more):
> > >
> > > Event Type: Failure Audit Event Source: Security Event Category:
> > > Logon/Logoff Event ID: 532 Date: 6/10/2009 Time: 1:11:15 AM User: NT
> > > AUTHORITY\SYSTEM Computer: DC01 Description: Logon Failure: Reason:
> > > The specified user account has expired User Name: Domain: Logon Type:
> > > 3 Logon Process: Authz Authentication Package: Kerberos Workstation
> > > Name: DC01 Caller User Name: DC01$ Caller Domain: DOMAIN Caller Logon
> > > ID: (0x0,0x3E7) Caller Process ID: 848 Transited Services: - Source
> > > Network Address: - Source Port: -
> > >
> > > However we could logon to this server without any problem and users do
> > > not have any problem at all.
> > >
> > > I did the following, but with no success, we are still getting the
> > > error message:
> > >
> > > How To Use Netdom.exe to Reset Machine Account Passwords of a Windows
> > > 2000
> > > Domain Controller
> > > http://support.microsoft.com/kb/260575
> > > What's wrong with those domain controllers???
> > >
> > > Thanks.
> > >
> > > Claude Lachapelle Systems Administrator, MCSE
> > >
> >
> >
> >