Announcement

Collapse
No announcement yet.

Continous Failure Audit Event ID 672

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Continous Failure Audit Event ID 672

    Hi

    i am getting the following security log in my domain controller from a particular network.(10.12.4.x). I am getting this log from many workstations from the above mentioned network.

    My Domain setup is
    Windows 2003 Native Mode
    Workstations running in Windows XP Professional.
    Domain Name : mydomain.com

    Authentication Ticket Request:
    User Name: administrator
    Supplied Realm Name: mydomain.com
    User ID: -
    Service Name: krbtgt/MYDOMAIN.COM
    Service ID: -
    Ticket Options: 0x40810010
    Result Code: 0x12
    Ticket Encryption Type: -
    Pre-Authentication Type: -
    Client Address: 10.12.4.89
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:

    Can any one plz help me to fix this issue.
    Regards,
    Venkatesan S

  • #2
    Re: Continous Failure Audit Event ID 672

    Hii

    Sounds like the kerberos tickets are not granted access..There may be plenty of possibilities..

    >May be ur being hacked...Make sure ur firewall and stuff is in place...
    >Have we migrated these accounts from NT domain...if yes then delete the SIDs of accounts
    >R we using any domain account to start services..or schedule tasks..make sure they have the right credentials.
    >Another possibility is rare..but have u renamed the administrator..though we see the account in the logs u posted...

    Regards

    Fazal
    Fazal Zaidi
    MCITP-Windows 2008,Exchange 2010,MCTS-Exchange 2007,2010,Lync 2010,MCSE-2000,2003,MCSA-2003,2008,2012,MCP,MCSE -Messaging 2013,ITIL

    Comment


    • #3
      Re: Continous Failure Audit Event ID 672

      Hi faizy,

      1. My domain is not migrated from NT
      2. We are having firewall configured in our network only the required ports are opened.
      3.I have checked the DC there is no scheduled task in there
      Regards,
      Venkatesan S

      Comment


      • #4
        Re: Continous Failure Audit Event ID 672

        0x12 maps to KDC_ERR_CLIENT_REVOKED

        Do you have user accounts with time restrictions or "Logon to <list of computers>" configured ?
        Guy Teverovsky
        "Smith & Wesson - the original point and click interface"

        Comment


        • #5
          Re: Continous Failure Audit Event ID 672

          Hi Guyt

          No there is no configuration like that
          Regards,
          Venkatesan S

          Comment


          • #6
            Re: Continous Failure Audit Event ID 672

            Hi,

            Is there is any possibility this error because of virus attack, because the client pc's shown in the log are from a particular network only.
            Regards,
            Venkatesan S

            Comment


            • #7
              Re: Continous Failure Audit Event ID 672

              Hi,

              The issue is because of the virus on that particular network. W32.Randex.F worm cause the problem. After update the latest update of Mcafee and scan the workstations the issue is fixed.
              Regards,
              Venkatesan S

              Comment

              Working...
              X