Hi Vit
1. Event ID 529
This happens when the other domain controllers on your network are out of
resources. You have to check all the domains on the network and validate
the users.
Check all the servers in the domain that validate user accounts for:
- Servers that are running out of disk space.
- Servers that have stopped responding (this may mean actually visiting the
  server).
- Servers that report Event IDs stating they have not been able to
  synchronize with the PDC. The server will report that insufficient system
  resources exist to complete the requested service.
After you find the domain controller with insufficient system resources,
you may either take that server offline, so that it is not involved in the
validation process, or fix the resource problem and re-synchronize the
domain controller with its PDC. If the problem persists, you may need to
take a trace of the Windows 95 computer while it is trying to log on to the
domain to help further identify problem areas.
http://support.microsoft.com/default.aspx?scid=kb;en-us;150530
2. Event id 681
When you get Event id 681 and 529 together
This problem occurs because the Windows 2000-based server rejects your
logon password when the client computer does not correctly de-allocate an
internal structure that is used to track the logon session. The client
attempts to reuse the expired encryption key that is passed to it by the
server during the original logon.
This problem does not occur in conjunction with Microsoft Windows NT-based
clients because the client does not attempt to use Distributed File System
(DFS) because the session that is reused is against a DFS referral from the
Windows 95-based or Windows 98-based client.
Microsoft has released a patch. You need to contact Microsoft to get
this fix; however, you will be charged for it. There is a workaround for
this issue:
Restart the client.
Start Winipcfg.exe and release the Dynamic Host Configuration Protocol
(DHCP) information and renew it.
Open the share in Network Neighborhood.
Use the net use command at a command prompt on the original Windows
2000-based server. - or -
Click Start, click Run, and then type \\servername, where servername is the
name of your server.
http://support.microsoft.com/default.aspx?kbid=272594
3. Event id 675 and 681 and 529
This is because of account lockups
http://support.microsoft.com/default.aspx?scid=kb;en-us;824209&Product=winsvr2003
Thanks
Sriram.V
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "Vit Knyshevich"
| Subject: DC cannot connect to itself
| Date: Thu, 27 May 2004 21:51:11 +0400
| Newsgroups: microsoft.public.win2000.active_directory
|
| Hi,
| After I've restored AD from backup I find a lot of security events with
| EventID 529, 681 and 675:
|
| EventID 529
| Logon Failure:
| Reason: Unknown user name or bad password
| User Name: SERVER$
| Domain: DOMAIN
| Logon Type: 3
| Logon Process: NtLmSsp
| Authentication Package: NTLM
| Workstation Name: SERVER
|
| EventID 681
| The logon to account: SERVER$
| by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
| from workstation: SERVER
| failed. The error code was: 3221225578
|
| Event 675
| Pre-authentication failed:
| User Name: SERVER$
| User ID: DOMAIN\SERVER$
| Service Name: krbtgt/DOMAIN
| Pre-Authentication Type: 0x2
| Failure Code: 0x18
| Client Address: 127.0.0.1
|
| SERVER is a DC. I see the DC can't connect to itself because of a bad
| password. I guess it's something abnormal. What could it be? How to fix that?
|
| Best regards,
| Vit Knyshevich.
|
|
|
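
Added example, not part of either post: a Python sketch that decodes the numeric codes in the three events quoted in the question and groups them by account, so it is visible whether 529, 681 and 675 report the same failure. The function names are illustrative; the code tables are standard NTSTATUS and RFC 4120 values, not taken from the thread.

```python
import re

# Standard NTSTATUS values; event 681 prints them in decimal.
NTSTATUS = {0xC0000064: "STATUS_NO_SUCH_USER", 0xC000006A: "STATUS_WRONG_PASSWORD",
            0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}
# Kerberos error numbers (RFC 4120); event 675 prints them in hex.
KRB_FAILURE = {0x12: "KDC_ERR_CLIENT_REVOKED", 0x18: "KDC_ERR_PREAUTH_FAILED",
               0x25: "KRB_AP_ERR_SKEW"}

# The three events from the question, quoting bars and some fields dropped.
SAMPLE = """\
EventID 529
Reason: Unknown user name or bad password
User Name: SERVER$

EventID 681
The logon to account: SERVER$
failed. The error code was: 3221225578

Event 675
User Name: SERVER$
Failure Code: 0x18
Client Address: 127.0.0.1
"""

def decode(block):
    """Return (event_id, account, cause) for the text of one event."""
    event_id = int(re.search(r"Event(?:ID)? (\d+)", block).group(1))
    account = re.search(r"(?:User Name|logon to account):\s*(\S+)", block).group(1)
    if event_id == 681:
        code = int(re.search(r"error code was:\s*(\d+)", block).group(1))
        cause = NTSTATUS.get(code, f"NTSTATUS 0x{code:08X}")
    elif event_id == 675:
        code = int(re.search(r"Failure Code:\s*(0x[0-9A-Fa-f]+)", block).group(1), 16)
        cause = KRB_FAILURE.get(code, f"Kerberos error 0x{code:X}")
    else:  # 529 states its reason as text
        cause = re.search(r"Reason:\s*(.+)", block).group(1).strip()
    return event_id, account, cause

def correlate(text):
    """Group decoded events by account: {account: {event_id: cause}}."""
    by_account = {}
    for block in filter(None, (b.strip() for b in text.split("\n\n"))):
        event_id, account, cause = decode(block)
        by_account.setdefault(account, {})[event_id] = cause
    return by_account

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

For the quoted events, 3221225578 is 0xC000006A (STATUS_WRONG_PASSWORD) and failure code 0x18 is KDC_ERR_PREAUTH_FAILED, so the NTLM and Kerberos entries for SERVER$ both record a rejected password.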