Announcement

Collapse
No announcement yet.

Event 672 on Windows Server 2003

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Event 672 on Windows Server 2003

    Hi All,
    I've looked at many sites/forums about this error and can't seem to figure out what's causing this. I constantly get this event logged in our server for various users. Thing is, when this event was logged, none of them were logging into anything.

    We have 1 DC, 2 other 2k3 servers, and 1 ESX server hosting 3 2k3 terminal servers.

    The events were all logged with the clients' computer address. We have a mixture of Windows XP Pro and Windows 7 Pro client computers.

    Any idea? Let me know if you need further info from me.

    Thank you,
    Kevin

  • #2
    Re: Event 672 on Windows Server 2003

    Scheduled tasks using credentials that are out of date?

    A copy'n'paste of the event details would be useful so we don't have to run off looking up the event in order to understand your question.
    A recent poll suggests that 6 out of 7 dwarfs are not happy

    Comment


    • #3
      Re: Event 672 on Windows Server 2003

      Hello,
      Here's a screen shot of the error from the event log. The server in question is a DC. The error seems to come in combination of 2 or 4 per user.

      Thanks,
      Kevin
      Attached Files

      Comment


      • #4
        Re: Event 672 on Windows Server 2003

        0x19 - the first time I saw this was soon after I joined our first Vista client to our domain. It was also authenticating to a W2k3 DC. I turned off the pre-authentication requirement for the account as I too could not find anything about it. The account was a service account used by our security software.
        A recent poll suggests that 6 out of 7 dwarfs are not happy

        Comment


        • #5
          Re: Event 672 on Windows Server 2003

          I turned that off too on my account as it was happening with my account as well and I still see the message. It's driving me nuts although it doesn't seem to be causing any issues at the moment.

          Comment


          • #6
            Re: Event 672 on Windows Server 2003

            In addition to 0x19, I also get 0x6 (failure audit - authentication ticket request)

            Comment


            • #7
              Re: Event 672 on Windows Server 2003

              I think I may have some lead. We do not have Exchange server in-house but we have a hosted Exchange service from a 3rd party vendor. The failure audit errors all show [email protected] rather than [email protected]. Further to that, it seems to only happen to users running Outlook 2007 or newer. Outlook 2003 users don't seem to generate any failure audits on the server.
              Last edited by klee522; 12th August 2011, 22:06.

              Comment


              • #8
                Re: Event 672 on Windows Server 2003

                Do you think it might be caused by W2k3 not being able to recognise the authentication procedures used by the post 2003 software? I see Kerberos errors (KDC) in my W2k3 server when Vista/Win7 clients connect. Part of their authentication is a foriegn language as far as W2k3 is concerned.

                I might be wrong but my gut instinct tells me that this is error may not mean there is a problem but that the two sides are unable to talk to each other in an understandable way.

                This is why I disabled pre-authentication on the security account. I am pretty sure I have other errors relating to this, but without expert diagnosis of the situation, and a lack of information about this I am happy to ignore them. I think that if it was a genuine problem we would see some serious consequences.

                I bet that if my entire network was Win-7 and W2k8 R2 these errors would not be logged.
                A recent poll suggests that 6 out of 7 dwarfs are not happy

                Comment


                • #9
                  Re: Event 672 on Windows Server 2003

                  It definitely has something to do with how Outlook 2007/2010 passes the authentication. It can't be DNS as that would generate errors for all users. For now, like you said, it's probably something that is safe to ignore.

                  Comment

                  Working...
                  X