Announcement

Collapse
No announcement yet.

Event 566 - Directory Service Access

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Event 566 - Directory Service Access

    Hi guys

    Been getting this for a while now, seems to have no affects on the workstations but gives me plenty of security log entires when a computer logs in.

    http://pastie.org/private/jtgci2pwdsnb2jqaijrog

    I get two of these, 1 with access mask 0x8 and one with 0x20 at the bottom.

    Scavaging is not currently setup and there are a few stale/multiple records for some ips/hosts.

    Any ideas? Not getting a great deal from looking around- apart from trying to add the DHCP server to the dnsupdateproxy global group which comes with it's security risks.

  • #2
    Re: Event 566 - Directory Service Access

    Cheeky bump

    Comment


    • #3
      Re: Event 566 - Directory Service Access

      Please do not bump messages.

      Comment


      • #4
        Re: Event 566 - Directory Service Access

        i'd scavenge all your records, and then try deleting the specific record that's causing an issue here.. see what happens.
        Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

        Comment


        • #5
          Re: Event 566 - Directory Service Access

          Originally posted by ethos View Post
          Hi guys

          Been getting this for a while now, seems to have no affects on the workstations but gives me plenty of security log entires when a computer logs in.

          http://pastie.org/private/jtgci2pwdsnb2jqaijrog

          I get two of these, 1 with access mask 0x8 and one with 0x20 at the bottom.

          Scavaging is not currently setup and there are a few stale/multiple records for some ips/hosts.

          Any ideas? Not getting a great deal from looking around- apart from trying to add the DHCP server to the dnsupdateproxy global group which comes with it's security risks.
          I don't think this has got anything to do with scananging. This event is logged in windows 2003 DC if Directory services access auditing policy is enabled.
          I'd just disable the policy unless you are looking for some specific logs otherwise you'd be swamped with those type of events.

          Ta
          Caesar's cipher - 3

          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

          SFX JNRS FC U6 MNGR

          Comment


          • #6
            Re: Event 566 - Directory Service Access

            My concern is to why they are failing in the first place. I'd rather find the cause instead of simply covering up the issue by disabling the GPO option.

            Comment


            • #7
              Re: Event 566 - Directory Service Access

              Originally posted by ethos View Post
              My concern is to why they are failing in the first place. I'd rather find the cause instead of simply covering up the issue by disabling the GPO option.
              As I said, I personally enable that policy to do some further troubleshooting.
              Are you actually having any DNS issues and have you got Dynamic DNS updates enabled?
              Caesar's cipher - 3

              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

              SFX JNRS FC U6 MNGR

              Comment


              • #8
                Re: Event 566 - Directory Service Access

                Having no DNS issues, apart from the fact there are some duplicate records in DNS but this is purely down to scavenging not being enabled.

                DHCP is set to update A and PRT records if the DHCP client requests...

                Comment


                • #9
                  Re: Event 566 - Directory Service Access

                  Originally posted by ethos View Post
                  DHCP is set to update A and PRT records if the DHCP client requests...
                  How about on the DNS zone itself, Have you got DDNS (Dynamic Updates) enabled?
                  Caesar's cipher - 3

                  ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                  SFX JNRS FC U6 MNGR

                  Comment


                  • #10
                    Re: Event 566 - Directory Service Access

                    Originally posted by L4ndy View Post
                    How about on the DNS zone itself, Have you got DDNS (Dynamic Updates) enabled?
                    Yep for secure and non-secure.

                    Comment


                    • #11
                      Re: Event 566 - Directory Service Access

                      Have you added the DHCP server to the DNSUpdateProxy group? (Only do that if the DHCP server service is not running in your DC).
                      Caesar's cipher - 3

                      ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                      SFX JNRS FC U6 MNGR

                      Comment


                      • #12
                        Re: Event 566 - Directory Service Access

                        Originally posted by L4ndy View Post
                        Have you added the DHCP server to the DNSUpdateProxy group? (Only do that if the DHCP server service is not running in your DC).
                        I did look into this, our DHCP server is running on our DC though...

                        Comment


                        • #13
                          Re: Event 566 - Directory Service Access

                          Ok, here is my thought on this. Since you are saying that the DHCP server is still updating the DNS records then there are no issues. The events are logged by Machine accounts trying to register its DNS records. But if you have setup the DHCP server to perform the update, then I think DHCP uses the system account to be the owner of the AD object and any other attempt by the client to update the object will fail as it's not listed on the ACL.
                          I wouldn't worry about these events but it might be a good Idea if you uncheck (Untick) the Register this connection's addresses in DNS option in the client machines. That way the clients won't attempt to register, only the DHCP server will.
                          To test it just Pick one of the computer accounts logged and see if the event will reappear.
                          Caesar's cipher - 3

                          ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                          SFX JNRS FC U6 MNGR

                          Comment


                          • #14
                            Re: Event 566 - Directory Service Access

                            L4ndy, I've tested your theory which seems spot on.

                            It's strange how this has only started happening in the last 6 months as nothing should have changed...

                            Thanks

                            Comment


                            • #15
                              Re: Event 566 - Directory Service Access

                              Glad to be of any help! Thanks for posting back with the results.
                              Caesar's cipher - 3

                              ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                              SFX JNRS FC U6 MNGR

                              Comment

                              Working...
                              X