I might as well ask, Event Viewer Failure audit Event ID 675

madboy Member Posts: 18
Hey guys, if anybody here is a network admin or has studied Audits in Event Viewer, you might have some feedback for me.

I am basically seeing failure audit Event ID 675 quite a bit on my Domain Controller's Event Viewer (and the backup DC), even though people aren't typing in bad passwords, are logging in fine, and don't seem to be reporting any problems accessing system resources. Is there a reason why I am getting so many failure audits still? They are mostly Pre-authentication failed, 675 event ID, and the Pre-Authentication Type is sometimes 0x0, mostly 0x2 and the Failure Code is 0x20, 0x25, but mostly 0x18.

The servers are Win 2003, and the clients are mostly XP. We also have a few Macs, and they generate the same failure event the most. However, it is the XP machines I am initially trying to figure out.

Do I need to change something in Active Directory? Or is it something in Domain Security settings? I know we have Kerberos policy activated (enforce user logon restrictions enabled), max lifetime for service ticket 600m, max lifetime for user ticket 10 hours, max lifetime for user ticket renewal: 7 days.

I've read a lot on Microsoft's knowledge base, but it seems to talk about 675 as if it is mostly because of a bad password... but I checked with a few users to see if they mistakenly keep entering a bad password, and they said no.

Here is the failure audit one more time. Any help would be appreciated.
*****************************************
Failure audit - event ID 675

Pre-authentication failed:
User Name: b******n
User ID: CTU\b*******n
Service Name: krbtgt/CTU
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 192.168.10.155
