Pre-authentication failed for Windows 2008 systems

We are seeing errors similar to the following on our domain controllers for
all of our Windows 2008 (x86 and x64) servers:

Pre-authentication failed:
User Name: SERVERNAME$
User ID: DOMAIN\SERVERNAME$
Service Name: krbtgt/DOMAIN.COM
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: SERVER IP

Our active directory domain consists of two windows 2003 R2 x64 domain
controllers (if that matters).

I've done some searching online and found several other people seeing
similar errors with Windows Vista but no really good explanation of what's
causing them. The best I can find is a work around which suggests

1. On the domain controller, run "adsiedit.msc"
2. Locate the computer accounts DOMAIN\EXC$ under the Domain partition.
3. Right-click on "DOMAIN\EXC$", click Properties.
4. Then locate the attribute "UserAccountControl" in the Attributes list.
Click Edit.
5. Modify the value to original value plus 4194304. For example, if the
original value is 512, the new value should be 512+4194304=4194816
6. Click OK, click Apply, and click OK.
7. Quit ADSI Edit. Then you can check if the event 675 stops for these
accounts.

I've done this and it does seem to resolve the issue but I don't want to be
having to do this for each and every new Windows 2008 server we introduce
into active directory. Surely there must be some logical explanation for
what's causing these entries and how we can stop them without the elaborate
work around above?

If anyone has any suggestions or ideas, please let me know.

Thanks
Brad

Hello Brad,

Please post the complete event viewer entry.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> We are seeing errors similar to the following on our domain
> controllers for all of our Windows 2008 (x86 and x64) servers:
>
> Pre-authentication failed:
> User Name: SERVERNAME$
> User ID: DOMAIN\SERVERNAME$
> Service Name: krbtgt/DOMAIN.COM
> Pre-Authentication Type: 0x0
> Failure Code: 0x19
> Client Address: SERVER IP
> Our active directory domain consists of two windows 2003 R2 x64 domain
> controllers (if that matters).
>
> I've done some searching online and found several other people seeing
> similar errors with Windows Vista but no really good explanation of
> what's causing them. The best I can find is a work around which
> suggests
>
> 1. On the domain controller, run "adsiedit.msc"
> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
> partition.
> 3. Right-click on "DOMAIN\EXC$", click Properties.
> 4. Then locate the attribute "UserAccountControl" in the Attributes
> list.
> Click Edit.
> 5. Modify the value to original value plus 4194304. For example, if
> the
> original value is 512, the new value should be 512+4194304=4194816
> 6. Click OK, click Apply, and click OK.
> 7. Quit ADSI Edit. Then you can check if the event 675 stops for these
> accounts.
> I've done this and it does seem to resolve the issue but I don't want
> to be having to do this for each and every new Windows 2008 server we
> introduce into active directory. Surely there must be some logical
> explanation for what's causing these entries and how we can stop them
> without the elaborate work around above?
>
> If anyone has any suggestions or ideas, please let me know.
>
> Thanks
> Brad

Below is the output of the event log. Obviously I scrubbed some of the data
below (such as the PC names, domain controller names, domain name, ip
addresses and other sensitive information). But the event ID, and failure
codes are still as-is etc.

Thanks
Brad


Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 2/18/2009
Time: 12:06:19 AM
User: NT AUTHORITY\SYSTEM
Computer: DOMAINCONTROLLER
Description:
Pre-authentication failed:
User Name: WIN2K8SERVER$
User ID: DOMAIN\WIN2K8SERVER$
Service Name: krbtgt/DOMAIN.NET
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: 123.123.123.123



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Brad,
>
> Please post the complete event viewer entry.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> We are seeing errors similar to the following on our domain
>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>
>> Pre-authentication failed:
>> User Name: SERVERNAME$
>> User ID: DOMAIN\SERVERNAME$
>> Service Name: krbtgt/DOMAIN.COM
>> Pre-Authentication Type: 0x0
>> Failure Code: 0x19
>> Client Address: SERVER IP
>> Our active directory domain consists of two windows 2003 R2 x64 domain
>> controllers (if that matters).
>>
>> I've done some searching online and found several other people seeing
>> similar errors with Windows Vista but no really good explanation of
>> what's causing them. The best I can find is a work around which
>> suggests
>>
>> 1. On the domain controller, run "adsiedit.msc"
>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>> partition.
>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>> 4. Then locate the attribute "UserAccountControl" in the Attributes
>> list.
>> Click Edit.
>> 5. Modify the value to original value plus 4194304. For example, if
>> the
>> original value is 512, the new value should be 512+4194304=4194816
>> 6. Click OK, click Apply, and click OK.
>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for these
>> accounts.
>> I've done this and it does seem to resolve the issue but I don't want
>> to be having to do this for each and every new Windows 2008 server we
>> introduce into active directory. Surely there must be some logical
>> explanation for what's causing these entries and how we can stop them
>> without the elaborate work around above?
>>
>> If anyone has any suggestions or ideas, please let me know.
>>
>> Thanks
>> Brad
>
>

Hello Brad,

Make sure the machine is correct registered in your DNS zones. Please post
an unedited ipconfig /all from the existing DC's and the 2008 machine with
the error.

Assuming that you use private ip ranges there is noproblem to post them here.
10.x.x.x 172.x.x.x or 192.168.x.x are not accessible form outside.

Also run netdiag /v and post the output also.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Below is the output of the event log. Obviously I scrubbed some of the
> data below (such as the PC names, domain controller names, domain
> name, ip addresses and other sensitive information). But the event ID,
> and failure codes are still as-is etc.
>
> Thanks
> Brad
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 675
> Date: 2/18/2009
> Time: 12:06:19 AM
> User: NT AUTHORITY\SYSTEM
> Computer: DOMAINCONTROLLER
> Description:
> Pre-authentication failed:
> User Name: WIN2K8SERVER$
> User ID: DOMAIN\WIN2K8SERVER$
> Service Name: krbtgt/DOMAIN.NET
> Pre-Authentication Type: 0x0
> Failure Code: 0x19
> Client Address: 123.123.123.123
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Brad,
>>
>> Please post the complete event viewer entry.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> We are seeing errors similar to the following on our domain
>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>
>>> Pre-authentication failed:
>>> User Name: SERVERNAME$
>>> User ID: DOMAIN\SERVERNAME$
>>> Service Name: krbtgt/DOMAIN.COM
>>> Pre-Authentication Type: 0x0
>>> Failure Code: 0x19
>>> Client Address: SERVER IP
>>> Our active directory domain consists of two windows 2003 R2 x64
>>> domain
>>> controllers (if that matters).
>>> I've done some searching online and found several other people
>>> seeing similar errors with Windows Vista but no really good
>>> explanation of what's causing them. The best I can find is a work
>>> around which suggests
>>>
>>> 1. On the domain controller, run "adsiedit.msc"
>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>> partition.
>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>> 4. Then locate the attribute "UserAccountControl" in the Attributes
>>> list.
>>> Click Edit.
>>> 5. Modify the value to original value plus 4194304. For example, if
>>> the
>>> original value is 512, the new value should be 512+4194304=4194816
>>> 6. Click OK, click Apply, and click OK.
>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>> these
>>> accounts.
>>> I've done this and it does seem to resolve the issue but I don't
>>> want
>>> to be having to do this for each and every new Windows 2008 server
>>> we
>>> introduce into active directory. Surely there must be some logical
>>> explanation for what's causing these entries and how we can stop
>>> them
>>> without the elaborate work around above?
>>> If anyone has any suggestions or ideas, please let me know.
>>>
>>> Thanks
>>> Bra

Domain Controller 1 IPCONFIG
==============================
Windows IP Configuration

Host Name . . . . . . . . . . . . : dc1
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Main Connection (Public):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.103
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.104
192.168.33.103


Domain Controller 2 IPCONFIG
==============================
Windows IP Configuration

Host Name . . . . . . . . . . . . : dc2
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Main Connection (Public):

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-13-72-F8-28-01
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.33.104
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.104
192.168.33.103

Windows 2008 Server IP Config
==============================
Host Name . . . . . . . . . . . . : TS1
Primary Dns Suffix . . . . . . . : domain.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.net

Ethernet adapter Local Area Connection 1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE
Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::c883:19c6:61c0:8195%16(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 192.168.33.3
DNS Servers . . . . . . . . . . . : 192.168.33.103
192.168.33.104
NetBIOS over Tcpip. . . . . . . . : Enabled


netdiag /v
=============================
Are you sure you want me to post this? This command returned over 4500 lines
of text.....


Thanks
Brad



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Brad,
>
> Make sure the machine is correct registered in your DNS zones. Please post
> an unedited ipconfig /all from the existing DC's and the 2008 machine with
> the error.
>
> Assuming that you use private ip ranges there is noproblem to post them
> here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible form outside.
>
> Also run netdiag /v and post the output also.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Below is the output of the event log. Obviously I scrubbed some of the
>> data below (such as the PC names, domain controller names, domain
>> name, ip addresses and other sensitive information). But the event ID,
>> and failure codes are still as-is etc.
>>
>> Thanks
>> Brad
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Account Logon
>> Event ID: 675
>> Date: 2/18/2009
>> Time: 12:06:19 AM
>> User: NT AUTHORITY\SYSTEM
>> Computer: DOMAINCONTROLLER
>> Description:
>> Pre-authentication failed:
>> User Name: WIN2K8SERVER$
>> User ID: DOMAIN\WIN2K8SERVER$
>> Service Name: krbtgt/DOMAIN.NET
>> Pre-Authentication Type: 0x0
>> Failure Code: 0x19
>> Client Address: 123.123.123.123
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news: .com...
>>
>>> Hello Brad,
>>>
>>> Please post the complete event viewer entry.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> We are seeing errors similar to the following on our domain
>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>
>>>> Pre-authentication failed:
>>>> User Name: SERVERNAME$
>>>> User ID: DOMAIN\SERVERNAME$
>>>> Service Name: krbtgt/DOMAIN.COM
>>>> Pre-Authentication Type: 0x0
>>>> Failure Code: 0x19
>>>> Client Address: SERVER IP
>>>> Our active directory domain consists of two windows 2003 R2 x64
>>>> domain
>>>> controllers (if that matters).
>>>> I've done some searching online and found several other people
>>>> seeing similar errors with Windows Vista but no really good
>>>> explanation of what's causing them. The best I can find is a work
>>>> around which suggests
>>>>
>>>> 1. On the domain controller, run "adsiedit.msc"
>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>> partition.
>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>> 4. Then locate the attribute "UserAccountControl" in the Attributes
>>>> list.
>>>> Click Edit.
>>>> 5. Modify the value to original value plus 4194304. For example, if
>>>> the
>>>> original value is 512, the new value should be 512+4194304=4194816
>>>> 6. Click OK, click Apply, and click OK.
>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>>> these
>>>> accounts.
>>>> I've done this and it does seem to resolve the issue but I don't
>>>> want
>>>> to be having to do this for each and every new Windows 2008 server
>>>> we
>>>> introduce into active directory. Surely there must be some logical
>>>> explanation for what's causing these entries and how we can stop
>>>> them
>>>> without the elaborate work around above?
>>>> If anyone has any suggestions or ideas, please let me know.
>>>>
>>>> Thanks
>>>> Brad
>
>

Hello Brad,

The ipconfigs looks ok. You can check it yourself but at least post a netdiag,
will be smaller.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Domain Controller 1 IPCONFIG
> ==============================
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : dc1
> Primary Dns Suffix . . . . . . . : domain.net
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.net
> Ethernet adapter Main Connection (Public):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : BASP Virtual Adapter
> Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.33.103
> Subnet Mask . . . . . . . . . . . : 255.255.252.0
> Default Gateway . . . . . . . . . : 192.168.33.3
> DNS Servers . . . . . . . . . . . : 192.168.33.104
> 192.168.33.103
> Domain Controller 2 IPCONFIG
> ==============================
> Windows IP Configuration
> Host Name . . . . . . . . . . . . : dc2
> Primary Dns Suffix . . . . . . . : domain.net
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.net
> Ethernet adapter Main Connection (Public):
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : BASP Virtual Adapter
> Physical Address. . . . . . . . . : 00-13-72-F8-28-01
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 192.168.33.104
> Subnet Mask . . . . . . . . . . . : 255.255.252.0
> Default Gateway . . . . . . . . . : 192.168.33.3
> DNS Servers . . . . . . . . . . . : 192.168.33.104
> 192.168.33.103
> Windows 2008 Server IP Config
> ==============================
> Host Name . . . . . . . . . . . . : TS1
> Primary Dns Suffix . . . . . . . : domain.net
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : Yes
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.net
> Ethernet adapter Local Area Connection 1:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
> GigE
> Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::c883:19c6:61c0:8195%16(Preferred)
> IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.252.0
> Default Gateway . . . . . . . . . : 192.168.33.3
> DNS Servers . . . . . . . . . . . : 192.168.33.103
> 192.168.33.104
> NetBIOS over Tcpip. . . . . . . . : Enabled
> netdiag /v
> =============================
> Are you sure you want me to post this? This command returned over 4500
> lines
> of text.....
> Thanks
> Brad
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Brad,
>>
>> Make sure the machine is correct registered in your DNS zones. Please
>> post an unedited ipconfig /all from the existing DC's and the 2008
>> machine with the error.
>>
>> Assuming that you use private ip ranges there is noproblem to post
>> them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible form
>> outside.
>>
>> Also run netdiag /v and post the output also.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Below is the output of the event log. Obviously I scrubbed some of
>>> the data below (such as the PC names, domain controller names,
>>> domain name, ip addresses and other sensitive information). But the
>>> event ID, and failure codes are still as-is etc.
>>>
>>> Thanks
>>> Brad
>>> Event Type: Failure Audit
>>> Event Source: Security
>>> Event Category: Account Logon
>>> Event ID: 675
>>> Date: 2/18/2009
>>> Time: 12:06:19 AM
>>> User: NT AUTHORITY\SYSTEM
>>> Computer: DOMAINCONTROLLER
>>> Description:
>>> Pre-authentication failed:
>>> User Name: WIN2K8SERVER$
>>> User ID: DOMAIN\WIN2K8SERVER$
>>> Service Name: krbtgt/DOMAIN.NET
>>> Pre-Authentication Type: 0x0
>>> Failure Code: 0x19
>>> Client Address: 123.123.123.123
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>
>>>> Hello Brad,
>>>>
>>>> Please post the complete event viewer entry.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> We are seeing errors similar to the following on our domain
>>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>>
>>>>> Pre-authentication failed:
>>>>> User Name: SERVERNAME$
>>>>> User ID: DOMAIN\SERVERNAME$
>>>>> Service Name: krbtgt/DOMAIN.COM
>>>>> Pre-Authentication Type: 0x0
>>>>> Failure Code: 0x19
>>>>> Client Address: SERVER IP
>>>>> Our active directory domain consists of two windows 2003 R2 x64
>>>>> domain
>>>>> controllers (if that matters).
>>>>> I've done some searching online and found several other people
>>>>> seeing similar errors with Windows Vista but no really good
>>>>> explanation of what's causing them. The best I can find is a work
>>>>> around which suggests
>>>>> 1. On the domain controller, run "adsiedit.msc"
>>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>>> partition.
>>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>>> 4. Then locate the attribute "UserAccountControl" in the
>>>>> Attributes
>>>>> list.
>>>>> Click Edit.
>>>>> 5. Modify the value to original value plus 4194304. For example,
>>>>> if
>>>>> the
>>>>> original value is 512, the new value should be 512+4194304=4194816
>>>>> 6. Click OK, click Apply, and click OK.
>>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>>>> these
>>>>> accounts.
>>>>> I've done this and it does seem to resolve the issue but I don't
>>>>> want
>>>>> to be having to do this for each and every new Windows 2008 server
>>>>> we
>>>>> introduce into active directory. Surely there must be some logical
>>>>> explanation for what's causing these entries and how we can stop
>>>>> them
>>>>> without the elaborate work around above?
>>>>> If anyone has any suggestions or ideas, please let me know.
>>>>> Thanks
>>>>> Brad

Computer Name: DC1
DNS Host Name: dc1.domain.net
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : EM64T Family 15 Model 6 Stepping 4, GenuineIntel
List of installed hotfixes :
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Main Connection (Public)

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : dc1
IP Address . . . . . . . . : 192.168.33.103
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 192.168.33.3
Dns Servers. . . . . . . . : 192.168.33.104
192.168.33.103


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Failed
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for
reading.
[FATAL] Could not open file C:\WINDOWS\system32\config\netlogon.dns for
reading.
[FATAL] No DNS servers have the DNS records for this DC registered.


Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
The browser is bound to 1 NetBt transport.
[FATAL] Cannot send mailslot message to 'domain*' via browser.
[ERROR_INVALID_FUNCTION]


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'domain' is to '\\dc2.domain.net'.


Kerberos test. . . . . . . . . . . : Failed
[FATAL] Cannot lookup package Kerberos.
The error occurred was: (null)


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Brad,
>
> The ipconfigs looks ok. You can check it yourself but at least post a
> netdiag, will be smaller.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Domain Controller 1 IPCONFIG
>> ==============================
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : dc1
>> Primary Dns Suffix . . . . . . . : domain.net
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : domain.net
>> Ethernet adapter Main Connection (Public):
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : BASP Virtual Adapter
>> Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.33.103
>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>> Default Gateway . . . . . . . . . : 192.168.33.3
>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>> 192.168.33.103
>> Domain Controller 2 IPCONFIG
>> ==============================
>> Windows IP Configuration
>> Host Name . . . . . . . . . . . . : dc2
>> Primary Dns Suffix . . . . . . . : domain.net
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : domain.net
>> Ethernet adapter Main Connection (Public):
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : BASP Virtual Adapter
>> Physical Address. . . . . . . . . : 00-13-72-F8-28-01
>> DHCP Enabled. . . . . . . . . . . : No
>> IP Address. . . . . . . . . . . . : 192.168.33.104
>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>> Default Gateway . . . . . . . . . : 192.168.33.3
>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>> 192.168.33.103
>> Windows 2008 Server IP Config
>> ==============================
>> Host Name . . . . . . . . . . . . : TS1
>> Primary Dns Suffix . . . . . . . : domain.net
>> Node Type . . . . . . . . . . . . : Hybrid
>> IP Routing Enabled. . . . . . . . : Yes
>> WINS Proxy Enabled. . . . . . . . : No
>> DNS Suffix Search List. . . . . . : domain.net
>> Ethernet adapter Local Area Connection 1:
>>
>> Connection-specific DNS Suffix . :
>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>> GigE
>> Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
>> DHCP Enabled. . . . . . . . . . . : No
>> Autoconfiguration Enabled . . . . : Yes
>> Link-local IPv6 Address . . . . . :
>> fe80::c883:19c6:61c0:8195%16(Preferred)
>> IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>> Default Gateway . . . . . . . . . : 192.168.33.3
>> DNS Servers . . . . . . . . . . . : 192.168.33.103
>> 192.168.33.104
>> NetBIOS over Tcpip. . . . . . . . : Enabled
>> netdiag /v
>> =============================
>> Are you sure you want me to post this? This command returned over 4500
>> lines
>> of text.....
>> Thanks
>> Brad
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news: .com...
>>
>>> Hello Brad,
>>>
>>> Make sure the machine is correct registered in your DNS zones. Please
>>> post an unedited ipconfig /all from the existing DC's and the 2008
>>> machine with the error.
>>>
>>> Assuming that you use private ip ranges there is noproblem to post
>>> them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible form
>>> outside.
>>>
>>> Also run netdiag /v and post the output also.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Below is the output of the event log. Obviously I scrubbed some of
>>>> the data below (such as the PC names, domain controller names,
>>>> domain name, ip addresses and other sensitive information). But the
>>>> event ID, and failure codes are still as-is etc.
>>>>
>>>> Thanks
>>>> Brad
>>>> Event Type: Failure Audit
>>>> Event Source: Security
>>>> Event Category: Account Logon
>>>> Event ID: 675
>>>> Date: 2/18/2009
>>>> Time: 12:06:19 AM
>>>> User: NT AUTHORITY\SYSTEM
>>>> Computer: DOMAINCONTROLLER
>>>> Description:
>>>> Pre-authentication failed:
>>>> User Name: WIN2K8SERVER$
>>>> User ID: DOMAIN\WIN2K8SERVER$
>>>> Service Name: krbtgt/DOMAIN.NET
>>>> Pre-Authentication Type: 0x0
>>>> Failure Code: 0x19
>>>> Client Address: 123.123.123.123
>>>> For more information, see Help and Support Center at
>>>> http://go.microsoft.com/fwlink/events.asp.
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news: .com...
>>>>
>>>>> Hello Brad,
>>>>>
>>>>> Please post the complete event viewer entry.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> We are seeing errors similar to the following on our domain
>>>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>>>
>>>>>> Pre-authentication failed:
>>>>>> User Name: SERVERNAME$
>>>>>> User ID: DOMAIN\SERVERNAME$
>>>>>> Service Name: krbtgt/DOMAIN.COM
>>>>>> Pre-Authentication Type: 0x0
>>>>>> Failure Code: 0x19
>>>>>> Client Address: SERVER IP
>>>>>> Our active directory domain consists of two windows 2003 R2 x64
>>>>>> domain
>>>>>> controllers (if that matters).
>>>>>> I've done some searching online and found several other people
>>>>>> seeing similar errors with Windows Vista but no really good
>>>>>> explanation of what's causing them. The best I can find is a work
>>>>>> around which suggests
>>>>>> 1. On the domain controller, run "adsiedit.msc"
>>>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>>>> partition.
>>>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>>>> 4. Then locate the attribute "UserAccountControl" in the
>>>>>> Attributes
>>>>>> list.
>>>>>> Click Edit.
>>>>>> 5. Modify the value to original value plus 4194304. For example,
>>>>>> if
>>>>>> the
>>>>>> original value is 512, the new value should be 512+4194304=4194816
>>>>>> 6. Click OK, click Apply, and click OK.
>>>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>>>>> these
>>>>>> accounts.
>>>>>> I've done this and it does seem to resolve the issue but I don't
>>>>>> want
>>>>>> to be having to do this for each and every new Windows 2008 server
>>>>>> we
>>>>>> introduce into active directory. Surely there must be some logical
>>>>>> explanation for what's causing these entries and how we can stop
>>>>>> them
>>>>>> without the elaborate work around above?
>>>>>> If anyone has any suggestions or ideas, please let me know.
>>>>>> Thanks
>>>>>> Brad
>
>

Hello Brad,

The error states DNS is a problem as you can see in the output.

Are all DNS zones listing the server with it's records, check all levels?

What kind of zones do you run?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Computer Name: DC1
> DNS Host Name: dc1.domain.net
> System info : Microsoft Windows Server 2003 (Build 3790)
> Processor : EM64T Family 15 Model 6 Stepping 4, GenuineIntel
> List of installed hotfixes :
> Q147222
> Netcard queries test . . . . . . . : Passed
>
> Per interface results:
>
> Adapter : Main Connection (Public)
>
> Netcard queries test . . . : Passed
>
> Host Name. . . . . . . . . : dc1
> IP Address . . . . . . . . : 192.168.33.103
> Subnet Mask. . . . . . . . : 255.255.252.0
> Default Gateway. . . . . . : 192.168.33.3
> Dns Servers. . . . . . . . : 192.168.33.104
> 192.168.33.103
> AutoConfiguration results. . . . . . : Passed
>
> Default gateway test . . . : Passed
>
> NetBT name test. . . . . . : Passed
> No names have been found.
> WINS service test. . . . . : Skipped
> There are no WINS servers configured for this interface.
> Global results:
>
> Domain membership test . . . . . . : Passed
>
> NetBT transports test. . . . . . . : Passed
> List of NetBt transports currently configured:
> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
> 1 NetBt transport currently configured.
> Autonet address test . . . . . . . : Passed
>
> IP loopback ping test. . . . . . . : Passed
>
> Default gateway test . . . . . . . : Passed
>
> NetBT name test. . . . . . . . . . : Passed
> [WARNING] You don't have a single interface with the <00>
> 'WorkStation
> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
> Winsock test . . . . . . . . . . . : Passed
>
> DNS test . . . . . . . . . . . . . : Failed
> [FATAL] Could not open file
> C:\WINDOWS\system32\config\netlogon.dns for
> reading.
> [FATAL] Could not open file
> C:\WINDOWS\system32\config\netlogon.dns for
> reading.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
> Redir and Browser test . . . . . . : Failed
> List of NetBt transports currently bound to the Redir
> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
> The redir is bound to 1 NetBt transport.
> List of NetBt transports currently bound to the browser
> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
> The browser is bound to 1 NetBt transport.
> [FATAL] Cannot send mailslot message to 'domain*' via browser.
> [ERROR_INVALID_FUNCTION]
> DC discovery test. . . . . . . . . : Passed
>
> DC list test . . . . . . . . . . . : Passed
>
> Trust relationship test. . . . . . : Passed
> Secure channel for domain 'domain' is to '\\dc2.domain.net'.
> Kerberos test. . . . . . . . . . . : Failed
> [FATAL] Cannot lookup package Kerberos.
> The error occurred was: (null)
> LDAP test. . . . . . . . . . . . . : Passed
>
> Bindings test. . . . . . . . . . . : Passed
>
> WAN configuration test . . . . . . : Skipped
> No active remote access connections.
> Modem diagnostics test . . . . . . : Passed
>
> IP Security test . . . . . . . . . : Skipped
>
> Note: run "netsh ipsec dynamic show /?" for more detailed
> information
>
> The command completed successfully
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Brad,
>>
>> The ipconfigs looks ok. You can check it yourself but at least post a
>> netdiag, will be smaller.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Domain Controller 1 IPCONFIG
>>> ==============================
>>> Windows IP Configuration
>>> Host Name . . . . . . . . . . . . : dc1
>>> Primary Dns Suffix . . . . . . . : domain.net
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : domain.net
>>> Ethernet adapter Main Connection (Public):
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>> Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.33.103
>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>> 192.168.33.103
>>> Domain Controller 2 IPCONFIG
>>> ==============================
>>> Windows IP Configuration
>>> Host Name . . . . . . . . . . . . : dc2
>>> Primary Dns Suffix . . . . . . . : domain.net
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : domain.net
>>> Ethernet adapter Main Connection (Public):
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>> Physical Address. . . . . . . . . : 00-13-72-F8-28-01
>>> DHCP Enabled. . . . . . . . . . . : No
>>> IP Address. . . . . . . . . . . . : 192.168.33.104
>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>> 192.168.33.103
>>> Windows 2008 Server IP Config
>>> ==============================
>>> Host Name . . . . . . . . . . . . : TS1
>>> Primary Dns Suffix . . . . . . . : domain.net
>>> Node Type . . . . . . . . . . . . : Hybrid
>>> IP Routing Enabled. . . . . . . . : Yes
>>> WINS Proxy Enabled. . . . . . . . : No
>>> DNS Suffix Search List. . . . . . : domain.net
>>> Ethernet adapter Local Area Connection 1:
>>> Connection-specific DNS Suffix . :
>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>> GigE
>>> Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
>>> DHCP Enabled. . . . . . . . . . . : No
>>> Autoconfiguration Enabled . . . . : Yes
>>> Link-local IPv6 Address . . . . . :
>>> fe80::c883:19c6:61c0:8195%16(Preferred)
>>> IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>> DNS Servers . . . . . . . . . . . : 192.168.33.103
>>> 192.168.33.104
>>> NetBIOS over Tcpip. . . . . . . . : Enabled
>>> netdiag /v
>>> =============================
>>> Are you sure you want me to post this? This command returned over
>>> 4500
>>> lines
>>> of text.....
>>> Thanks
>>> Brad
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>> Hello Brad,
>>>>
>>>> Make sure the machine is correct registered in your DNS zones.
>>>> Please post an unedited ipconfig /all from the existing DC's and
>>>> the 2008 machine with the error.
>>>>
>>>> Assuming that you use private ip ranges there is noproblem to post
>>>> them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible
>>>> form outside.
>>>>
>>>> Also run netdiag /v and post the output also.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Below is the output of the event log. Obviously I scrubbed some of
>>>>> the data below (such as the PC names, domain controller names,
>>>>> domain name, ip addresses and other sensitive information). But
>>>>> the event ID, and failure codes are still as-is etc.
>>>>>
>>>>> Thanks
>>>>> Brad
>>>>> Event Type: Failure Audit
>>>>> Event Source: Security
>>>>> Event Category: Account Logon
>>>>> Event ID: 675
>>>>> Date: 2/18/2009
>>>>> Time: 12:06:19 AM
>>>>> User: NT AUTHORITY\SYSTEM
>>>>> Computer: DOMAINCONTROLLER
>>>>> Description:
>>>>> Pre-authentication failed:
>>>>> User Name: WIN2K8SERVER$
>>>>> User ID: DOMAIN\WIN2K8SERVER$
>>>>> Service Name: krbtgt/DOMAIN.NET
>>>>> Pre-Authentication Type: 0x0
>>>>> Failure Code: 0x19
>>>>> Client Address: 123.123.123.123
>>>>> For more information, see Help and Support Center at
>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>> news: .com...
>>>>>> Hello Brad,
>>>>>>
>>>>>> Please post the complete event viewer entry.
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> We are seeing errors similar to the following on our domain
>>>>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>>>>
>>>>>>> Pre-authentication failed:
>>>>>>> User Name: SERVERNAME$
>>>>>>> User ID: DOMAIN\SERVERNAME$
>>>>>>> Service Name: krbtgt/DOMAIN.COM
>>>>>>> Pre-Authentication Type: 0x0
>>>>>>> Failure Code: 0x19
>>>>>>> Client Address: SERVER IP
>>>>>>> Our active directory domain consists of two windows 2003 R2 x64
>>>>>>> domain
>>>>>>> controllers (if that matters).
>>>>>>> I've done some searching online and found several other people
>>>>>>> seeing similar errors with Windows Vista but no really good
>>>>>>> explanation of what's causing them. The best I can find is a
>>>>>>> work
>>>>>>> around which suggests
>>>>>>> 1. On the domain controller, run "adsiedit.msc"
>>>>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>>>>> partition.
>>>>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>>>>> 4. Then locate the attribute "UserAccountControl" in the
>>>>>>> Attributes
>>>>>>> list.
>>>>>>> Click Edit.
>>>>>>> 5. Modify the value to original value plus 4194304. For example,
>>>>>>> if
>>>>>>> the
>>>>>>> original value is 512, the new value should be
>>>>>>> 512+4194304=4194816
>>>>>>> 6. Click OK, click Apply, and click OK.
>>>>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>>>>>> these
>>>>>>> accounts.
>>>>>>> I've done this and it does seem to resolve the issue but I don't
>>>>>>> want
>>>>>>> to be having to do this for each and every new Windows 2008
>>>>>>> server
>>>>>>> we
>>>>>>> introduce into active directory. Surely there must be some
>>>>>>> logical
>>>>>>> explanation for what's causing these entries and how we can stop
>>>>>>> them
>>>>>>> without the elaborate work around above?
>>>>>>> If anyone has any suggestions or ideas, please let me know.
>>>>>>> Thanks
>>>>>>> Brad

> Are all DNS zones listing the server with it's records, check all levels?
I'm not sure I understand what you are asking here.

If you are asking if the primary DNS zone (domain.net) contains A (host)
records for the Windows 2008 servers generating this error - then the answer
is yes.

If you are asking if the primary DNS zone (domain.net contains A (host)
records for the domain controllers (DC1 & DC2) - then again the answer is
yes.

> What kind of zones do you run?
Active Directory Integrated Zones



"Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello Brad,
>
> The error states DNS is a problem as you can see in the output.
> Are all DNS zones listing the server with it's records, check all levels?
>
> What kind of zones do you run?
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Computer Name: DC1
>> DNS Host Name: dc1.domain.net
>> System info : Microsoft Windows Server 2003 (Build 3790)
>> Processor : EM64T Family 15 Model 6 Stepping 4, GenuineIntel
>> List of installed hotfixes :
>> Q147222
>> Netcard queries test . . . . . . . : Passed
>>
>> Per interface results:
>>
>> Adapter : Main Connection (Public)
>>
>> Netcard queries test . . . : Passed
>>
>> Host Name. . . . . . . . . : dc1
>> IP Address . . . . . . . . : 192.168.33.103
>> Subnet Mask. . . . . . . . : 255.255.252.0
>> Default Gateway. . . . . . : 192.168.33.3
>> Dns Servers. . . . . . . . : 192.168.33.104
>> 192.168.33.103
>> AutoConfiguration results. . . . . . : Passed
>>
>> Default gateway test . . . : Passed
>>
>> NetBT name test. . . . . . : Passed
>> No names have been found.
>> WINS service test. . . . . : Skipped
>> There are no WINS servers configured for this interface.
>> Global results:
>>
>> Domain membership test . . . . . . : Passed
>>
>> NetBT transports test. . . . . . . : Passed
>> List of NetBt transports currently configured:
>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>> 1 NetBt transport currently configured.
>> Autonet address test . . . . . . . : Passed
>>
>> IP loopback ping test. . . . . . . : Passed
>>
>> Default gateway test . . . . . . . : Passed
>>
>> NetBT name test. . . . . . . . . . : Passed
>> [WARNING] You don't have a single interface with the <00>
>> 'WorkStation
>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>> Winsock test . . . . . . . . . . . : Passed
>>
>> DNS test . . . . . . . . . . . . . : Failed
>> [FATAL] Could not open file
>> C:\WINDOWS\system32\config\netlogon.dns for
>> reading.
>> [FATAL] Could not open file
>> C:\WINDOWS\system32\config\netlogon.dns for
>> reading.
>> [FATAL] No DNS servers have the DNS records for this DC
>> registered.
>> Redir and Browser test . . . . . . : Failed
>> List of NetBt transports currently bound to the Redir
>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>> The redir is bound to 1 NetBt transport.
>> List of NetBt transports currently bound to the browser
>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>> The browser is bound to 1 NetBt transport.
>> [FATAL] Cannot send mailslot message to 'domain*' via browser.
>> [ERROR_INVALID_FUNCTION]
>> DC discovery test. . . . . . . . . : Passed
>>
>> DC list test . . . . . . . . . . . : Passed
>>
>> Trust relationship test. . . . . . : Passed
>> Secure channel for domain 'domain' is to '\\dc2.domain.net'.
>> Kerberos test. . . . . . . . . . . : Failed
>> [FATAL] Cannot lookup package Kerberos.
>> The error occurred was: (null)
>> LDAP test. . . . . . . . . . . . . : Passed
>>
>> Bindings test. . . . . . . . . . . : Passed
>>
>> WAN configuration test . . . . . . : Skipped
>> No active remote access connections.
>> Modem diagnostics test . . . . . . : Passed
>>
>> IP Security test . . . . . . . . . : Skipped
>>
>> Note: run "netsh ipsec dynamic show /?" for more detailed
>> information
>>
>> The command completed successfully
>>
>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>> news: .com...
>>
>>> Hello Brad,
>>>
>>> The ipconfigs looks ok. You can check it yourself but at least post a
>>> netdiag, will be smaller.
>>>
>>> Best regards
>>>
>>> Meinolf Weber
>>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>>> confers no rights.
>>> ** Please do NOT email, only reply to Newsgroups
>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>> Domain Controller 1 IPCONFIG
>>>> ==============================
>>>> Windows IP Configuration
>>>> Host Name . . . . . . . . . . . . : dc1
>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>> IP Routing Enabled. . . . . . . . : Yes
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : domain.net
>>>> Ethernet adapter Main Connection (Public):
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>>> Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.33.103
>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>>> 192.168.33.103
>>>> Domain Controller 2 IPCONFIG
>>>> ==============================
>>>> Windows IP Configuration
>>>> Host Name . . . . . . . . . . . . : dc2
>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>> IP Routing Enabled. . . . . . . . : Yes
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : domain.net
>>>> Ethernet adapter Main Connection (Public):
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>>> Physical Address. . . . . . . . . : 00-13-72-F8-28-01
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> IP Address. . . . . . . . . . . . : 192.168.33.104
>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>>> 192.168.33.103
>>>> Windows 2008 Server IP Config
>>>> ==============================
>>>> Host Name . . . . . . . . . . . . : TS1
>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>> IP Routing Enabled. . . . . . . . : Yes
>>>> WINS Proxy Enabled. . . . . . . . : No
>>>> DNS Suffix Search List. . . . . . : domain.net
>>>> Ethernet adapter Local Area Connection 1:
>>>> Connection-specific DNS Suffix . :
>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>>> GigE
>>>> Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
>>>> DHCP Enabled. . . . . . . . . . . : No
>>>> Autoconfiguration Enabled . . . . : Yes
>>>> Link-local IPv6 Address . . . . . :
>>>> fe80::c883:19c6:61c0:8195%16(Preferred)
>>>> IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>> DNS Servers . . . . . . . . . . . : 192.168.33.103
>>>> 192.168.33.104
>>>> NetBIOS over Tcpip. . . . . . . . : Enabled
>>>> netdiag /v
>>>> =============================
>>>> Are you sure you want me to post this? This command returned over
>>>> 4500
>>>> lines
>>>> of text.....
>>>> Thanks
>>>> Brad
>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>> news: .com...
>>>>> Hello Brad,
>>>>>
>>>>> Make sure the machine is correct registered in your DNS zones.
>>>>> Please post an unedited ipconfig /all from the existing DC's and
>>>>> the 2008 machine with the error.
>>>>>
>>>>> Assuming that you use private ip ranges there is noproblem to post
>>>>> them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not accessible
>>>>> form outside.
>>>>>
>>>>> Also run netdiag /v and post the output also.
>>>>>
>>>>> Best regards
>>>>>
>>>>> Meinolf Weber
>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>> and
>>>>> confers no rights.
>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>> Below is the output of the event log. Obviously I scrubbed some of
>>>>>> the data below (such as the PC names, domain controller names,
>>>>>> domain name, ip addresses and other sensitive information). But
>>>>>> the event ID, and failure codes are still as-is etc.
>>>>>>
>>>>>> Thanks
>>>>>> Brad
>>>>>> Event Type: Failure Audit
>>>>>> Event Source: Security
>>>>>> Event Category: Account Logon
>>>>>> Event ID: 675
>>>>>> Date: 2/18/2009
>>>>>> Time: 12:06:19 AM
>>>>>> User: NT AUTHORITY\SYSTEM
>>>>>> Computer: DOMAINCONTROLLER
>>>>>> Description:
>>>>>> Pre-authentication failed:
>>>>>> User Name: WIN2K8SERVER$
>>>>>> User ID: DOMAIN\WIN2K8SERVER$
>>>>>> Service Name: krbtgt/DOMAIN.NET
>>>>>> Pre-Authentication Type: 0x0
>>>>>> Failure Code: 0x19
>>>>>> Client Address: 123.123.123.123
>>>>>> For more information, see Help and Support Center at
>>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>>> news: .com...
>>>>>>> Hello Brad,
>>>>>>>
>>>>>>> Please post the complete event viewer entry.
>>>>>>>
>>>>>>> Best regards
>>>>>>>
>>>>>>> Meinolf Weber
>>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>>> and
>>>>>>> confers no rights.
>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>> ** HELP us help YOU!!!
>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>> We are seeing errors similar to the following on our domain
>>>>>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>>>>>
>>>>>>>> Pre-authentication failed:
>>>>>>>> User Name: SERVERNAME$
>>>>>>>> User ID: DOMAIN\SERVERNAME$
>>>>>>>> Service Name: krbtgt/DOMAIN.COM
>>>>>>>> Pre-Authentication Type: 0x0
>>>>>>>> Failure Code: 0x19
>>>>>>>> Client Address: SERVER IP
>>>>>>>> Our active directory domain consists of two windows 2003 R2 x64
>>>>>>>> domain
>>>>>>>> controllers (if that matters).
>>>>>>>> I've done some searching online and found several other people
>>>>>>>> seeing similar errors with Windows Vista but no really good
>>>>>>>> explanation of what's causing them. The best I can find is a
>>>>>>>> work
>>>>>>>> around which suggests
>>>>>>>> 1. On the domain controller, run "adsiedit.msc"
>>>>>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>>>>>> partition.
>>>>>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>>>>>> 4. Then locate the attribute "UserAccountControl" in the
>>>>>>>> Attributes
>>>>>>>> list.
>>>>>>>> Click Edit.
>>>>>>>> 5. Modify the value to original value plus 4194304. For example,
>>>>>>>> if
>>>>>>>> the
>>>>>>>> original value is 512, the new value should be
>>>>>>>> 512+4194304=4194816
>>>>>>>> 6. Click OK, click Apply, and click OK.
>>>>>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops for
>>>>>>>> these
>>>>>>>> accounts.
>>>>>>>> I've done this and it does seem to resolve the issue but I don't
>>>>>>>> want
>>>>>>>> to be having to do this for each and every new Windows 2008
>>>>>>>> server
>>>>>>>> we
>>>>>>>> introduce into active directory. Surely there must be some
>>>>>>>> logical
>>>>>>>> explanation for what's causing these entries and how we can stop
>>>>>>>> them
>>>>>>>> without the elaborate work around above?
>>>>>>>> If anyone has any suggestions or ideas, please let me know.
>>>>>>>> Thanks
>>>>>>>> Brad
>
>

Hello Brad,

I meant also the _msdcs.domain.com zone and the sub folders under it(dc,domains,gc,pdc)
and the sub folders under domain.com (_sites,_tcp,_udp,domaindnszones,forestdnszones)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


>> Are all DNS zones listing the server with it's records, check all
>> levels?
>>
> I'm not sure I understand what you are asking here.
>
> If you are asking if the primary DNS zone (domain.net) contains A
> (host) records for the Windows 2008 servers generating this error -
> then the answer is yes.
>
> If you are asking if the primary DNS zone (domain.net contains A
> (host) records for the domain controllers (DC1 & DC2) - then again the
> answer is yes.
>
>> What kind of zones do you run?
>>
> Active Directory Integrated Zones
>
> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
> news: .com...
>
>> Hello Brad,
>>
>> The error states DNS is a problem as you can see in the output. Are
>> all DNS zones listing the server with it's records, check all levels?
>>
>> What kind of zones do you run?
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Computer Name: DC1
>>> DNS Host Name: dc1.domain.net
>>> System info : Microsoft Windows Server 2003 (Build 3790)
>>> Processor : EM64T Family 15 Model 6 Stepping 4, GenuineIntel
>>> List of installed hotfixes :
>>> Q147222
>>> Netcard queries test . . . . . . . : Passed
>>> Per interface results:
>>>
>>> Adapter : Main Connection (Public)
>>>
>>> Netcard queries test . . . : Passed
>>>
>>> Host Name. . . . . . . . . : dc1
>>> IP Address . . . . . . . . : 192.168.33.103
>>> Subnet Mask. . . . . . . . : 255.255.252.0
>>> Default Gateway. . . . . . : 192.168.33.3
>>> Dns Servers. . . . . . . . : 192.168.33.104
>>> 192.168.33.103
>>> AutoConfiguration results. . . . . . : Passed
>>> Default gateway test . . . : Passed
>>>
>>> NetBT name test. . . . . . : Passed
>>> No names have been found.
>>> WINS service test. . . . . : Skipped
>>> There are no WINS servers configured for this interface.
>>> Global results:
>>> Domain membership test . . . . . . : Passed
>>>
>>> NetBT transports test. . . . . . . : Passed
>>> List of NetBt transports currently configured:
>>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>>> 1 NetBt transport currently configured.
>>> Autonet address test . . . . . . . : Passed
>>> IP loopback ping test. . . . . . . : Passed
>>>
>>> Default gateway test . . . . . . . : Passed
>>>
>>> NetBT name test. . . . . . . . . . : Passed
>>> [WARNING] You don't have a single interface with the <00>
>>> 'WorkStation
>>> Service', <03> 'Messenger Service', <20> 'WINS' names defined.
>>> Winsock test . . . . . . . . . . . : Passed
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [FATAL] Could not open file
>>> C:\WINDOWS\system32\config\netlogon.dns for
>>> reading.
>>> [FATAL] Could not open file
>>> C:\WINDOWS\system32\config\netlogon.dns for
>>> reading.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> Redir and Browser test . . . . . . : Failed
>>> List of NetBt transports currently bound to the Redir
>>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>>> The redir is bound to 1 NetBt transport.
>>> List of NetBt transports currently bound to the browser
>>> NetBT_Tcpip_{3EFD5D5E-F5B5-4A0B-A5B1-C5F8EB59B504}
>>> The browser is bound to 1 NetBt transport.
>>> [FATAL] Cannot send mailslot message to 'domain*' via browser.
>>> [ERROR_INVALID_FUNCTION]
>>> DC discovery test. . . . . . . . . : Passed
>>> DC list test . . . . . . . . . . . : Passed
>>>
>>> Trust relationship test. . . . . . : Passed
>>> Secure channel for domain 'domain' is to '\\dc2.domain.net'.
>>> Kerberos test. . . . . . . . . . . : Failed
>>> [FATAL] Cannot lookup package Kerberos.
>>> The error occurred was: (null)
>>> LDAP test. . . . . . . . . . . . . : Passed
>>> Bindings test. . . . . . . . . . . : Passed
>>>
>>> WAN configuration test . . . . . . : Skipped
>>> No active remote access connections.
>>> Modem diagnostics test . . . . . . : Passed
>>> IP Security test . . . . . . . . . : Skipped
>>>
>>> Note: run "netsh ipsec dynamic show /?" for more detailed
>>> information
>>>
>>> The command completed successfully
>>>
>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>> news: .com...
>>>
>>>> Hello Brad,
>>>>
>>>> The ipconfigs looks ok. You can check it yourself but at least post
>>>> a netdiag, will be smaller.
>>>>
>>>> Best regards
>>>>
>>>> Meinolf Weber
>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>> and
>>>> confers no rights.
>>>> ** Please do NOT email, only reply to Newsgroups
>>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>> Domain Controller 1 IPCONFIG
>>>>> ==============================
>>>>> Windows IP Configuration
>>>>> Host Name . . . . . . . . . . . . : dc1
>>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : domain.net
>>>>> Ethernet adapter Main Connection (Public):
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>>>> Physical Address. . . . . . . . . : 00-13-72-F8-27-0C
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.33.103
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>>>> 192.168.33.103
>>>>> Domain Controller 2 IPCONFIG
>>>>> ==============================
>>>>> Windows IP Configuration
>>>>> Host Name . . . . . . . . . . . . : dc2
>>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : domain.net
>>>>> Ethernet adapter Main Connection (Public):
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : BASP Virtual Adapter
>>>>> Physical Address. . . . . . . . . : 00-13-72-F8-28-01
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> IP Address. . . . . . . . . . . . : 192.168.33.104
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>>> DNS Servers . . . . . . . . . . . : 192.168.33.104
>>>>> 192.168.33.103
>>>>> Windows 2008 Server IP Config
>>>>> ==============================
>>>>> Host Name . . . . . . . . . . . . : TS1
>>>>> Primary Dns Suffix . . . . . . . : domain.net
>>>>> Node Type . . . . . . . . . . . . : Hybrid
>>>>> IP Routing Enabled. . . . . . . . : Yes
>>>>> WINS Proxy Enabled. . . . . . . . : No
>>>>> DNS Suffix Search List. . . . . . : domain.net
>>>>> Ethernet adapter Local Area Connection 1:
>>>>> Connection-specific DNS Suffix . :
>>>>> Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II
>>>>> GigE
>>>>> Physical Address. . . . . . . . . : 00-1E-4F-2F-64-E3
>>>>> DHCP Enabled. . . . . . . . . . . : No
>>>>> Autoconfiguration Enabled . . . . : Yes
>>>>> Link-local IPv6 Address . . . . . :
>>>>> fe80::c883:19c6:61c0:8195%16(Preferred)
>>>>> IPv4 Address. . . . . . . . . . . : 192.168.33.39(Preferred)
>>>>> Subnet Mask . . . . . . . . . . . : 255.255.252.0
>>>>> Default Gateway . . . . . . . . . : 192.168.33.3
>>>>> DNS Servers . . . . . . . . . . . : 192.168.33.103
>>>>> 192.168.33.104
>>>>> NetBIOS over Tcpip. . . . . . . . : Enabled
>>>>> netdiag /v
>>>>> =============================
>>>>> Are you sure you want me to post this? This command returned over
>>>>> 4500
>>>>> lines
>>>>> of text.....
>>>>> Thanks
>>>>> Brad
>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in message
>>>>> news: .com...
>>>>>> Hello Brad,
>>>>>>
>>>>>> Make sure the machine is correct registered in your DNS zones.
>>>>>> Please post an unedited ipconfig /all from the existing DC's and
>>>>>> the 2008 machine with the error.
>>>>>>
>>>>>> Assuming that you use private ip ranges there is noproblem to
>>>>>> post them here. 10.x.x.x 172.x.x.x or 192.168.x.x are not
>>>>>> accessible form outside.
>>>>>>
>>>>>> Also run netdiag /v and post the output also.
>>>>>>
>>>>>> Best regards
>>>>>>
>>>>>> Meinolf Weber
>>>>>> Disclaimer: This posting is provided "AS IS" with no warranties,
>>>>>> and
>>>>>> confers no rights.
>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>> ** HELP us help YOU!!!
>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>> Below is the output of the event log. Obviously I scrubbed some
>>>>>>> of the data below (such as the PC names, domain controller
>>>>>>> names, domain name, ip addresses and other sensitive
>>>>>>> information). But the event ID, and failure codes are still
>>>>>>> as-is etc.
>>>>>>>
>>>>>>> Thanks
>>>>>>> Brad
>>>>>>> Event Type: Failure Audit
>>>>>>> Event Source: Security
>>>>>>> Event Category: Account Logon
>>>>>>> Event ID: 675
>>>>>>> Date: 2/18/2009
>>>>>>> Time: 12:06:19 AM
>>>>>>> User: NT AUTHORITY\SYSTEM
>>>>>>> Computer: DOMAINCONTROLLER
>>>>>>> Description:
>>>>>>> Pre-authentication failed:
>>>>>>> User Name: WIN2K8SERVER$
>>>>>>> User ID: DOMAIN\WIN2K8SERVER$
>>>>>>> Service Name: krbtgt/DOMAIN.NET
>>>>>>> Pre-Authentication Type: 0x0
>>>>>>> Failure Code: 0x19
>>>>>>> Client Address: 123.123.123.123
>>>>>>> For more information, see Help and Support Center at
>>>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>>>> "Meinolf Weber [MVP-DS]" <meiweb(nospam)@gmx.de> wrote in
>>>>>>> message
>>>>>>> news: .com...
>>>>>>>> Hello Brad,
>>>>>>>>
>>>>>>>> Please post the complete event viewer entry.
>>>>>>>>
>>>>>>>> Best regards
>>>>>>>>
>>>>>>>> Meinolf Weber
>>>>>>>> Disclaimer: This posting is provided "AS IS" with no
>>>>>>>> warranties,
>>>>>>>> and
>>>>>>>> confers no rights.
>>>>>>>> ** Please do NOT email, only reply to Newsgroups
>>>>>>>> ** HELP us help YOU!!!
>>>>>>>> http://www.blakjak.demon.co.uk/mul_crss.htm
>>>>>>>>> We are seeing errors similar to the following on our domain
>>>>>>>>> controllers for all of our Windows 2008 (x86 and x64) servers:
>>>>>>>>>
>>>>>>>>> Pre-authentication failed:
>>>>>>>>> User Name: SERVERNAME$
>>>>>>>>> User ID: DOMAIN\SERVERNAME$
>>>>>>>>> Service Name: krbtgt/DOMAIN.COM
>>>>>>>>> Pre-Authentication Type: 0x0
>>>>>>>>> Failure Code: 0x19
>>>>>>>>> Client Address: SERVER IP
>>>>>>>>> Our active directory domain consists of two windows 2003 R2
>>>>>>>>> x64
>>>>>>>>> domain
>>>>>>>>> controllers (if that matters).
>>>>>>>>> I've done some searching online and found several other people
>>>>>>>>> seeing similar errors with Windows Vista but no really good
>>>>>>>>> explanation of what's causing them. The best I can find is a
>>>>>>>>> work
>>>>>>>>> around which suggests
>>>>>>>>> 1. On the domain controller, run "adsiedit.msc"
>>>>>>>>> 2. Locate the computer accounts DOMAIN\EXC$ under the Domain
>>>>>>>>> partition.
>>>>>>>>> 3. Right-click on "DOMAIN\EXC$", click Properties.
>>>>>>>>> 4. Then locate the attribute "UserAccountControl" in the
>>>>>>>>> Attributes
>>>>>>>>> list.
>>>>>>>>> Click Edit.
>>>>>>>>> 5. Modify the value to original value plus 4194304. For
>>>>>>>>> example,
>>>>>>>>> if
>>>>>>>>> the
>>>>>>>>> original value is 512, the new value should be
>>>>>>>>> 512+4194304=4194816
>>>>>>>>> 6. Click OK, click Apply, and click OK.
>>>>>>>>> 7. Quit ADSI Edit. Then you can check if the event 675 stops
>>>>>>>>> for
>>>>>>>>> these
>>>>>>>>> accounts.
>>>>>>>>> I've done this and it does seem to resolve the issue but I
>>>>>>>>> don't
>>>>>>>>> want
>>>>>>>>> to be having to do this for each and every new Windows 2008
>>>>>>>>> server
>>>>>>>>> we
>>>>>>>>> introduce into active directory. Surely there must be some
>>>>>>>>> logical
>>>>>>>>> explanation for what's causing these entries and how we can
>>>>>>>>> stop
>>>>>>>>> them
>>>>>>>>> without the elaborate work around above?
>>>>>>>>> If anyone has any suggestions or ideas, please let me know.
>>>>>>>>> Thanks
>>>>>>>>> Brad