K
kripes
I am running a Windows 2000 domain with Windows 2003 servers which are locked
down for security compliance (DCOM changes are involved). Only when services
that are always set to Manual except when needed, like Liveupdate from
Symantec or WinHTTP Web Proxy Auto-discovery, 537 events are logged to the
event log. I have pasted an example below. Does anyone know why these are
occurring?
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 6/11/2009
Time: 9:15:19 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: SERVER
Status code: 0xC000040A
Substatus code: 0x0
Caller User Name: SERVER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 972
Transited Services: -
Source Network Address: -
Source Port: -
down for security compliance (DCOM changes are involved). Only when services
that are always set to Manual except when needed, like Liveupdate from
Symantec or WinHTTP Web Proxy Auto-discovery, 537 events are logged to the
event log. I have pasted an example below. Does anyone know why these are
occurring?
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 6/11/2009
Time: 9:15:19 AM
User: NT AUTHORITY\SYSTEM
Computer: SERVER
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: SERVER
Status code: 0xC000040A
Substatus code: 0x0
Caller User Name: SERVER$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 972
Transited Services: -
Source Network Address: -
Source Port: -