EventID 534: User has not been granted requested logon type


Will

In general I'm familiar with Event ID 534, which is a Security Event Viewer
log message that indicates that "the user has not been granted the requested
logon type at this machine". What is confusing me is that I frequently
see these event IDs with a logon type of 3 (network logon) where the username
and domain are *blank*. Workstation name is also blank. I thought
that this might be an anonymous logon request, but what is all the more
perplexing is that the logon process is Kerberos.

What are the possible sources of such a request?
 
I see these messages on Windows 2000 Server SP4, and we have no XP clients
in our environment. Other ideas?
 
Not offhand, Will. I will look around and post back if I find anything. ---
Steve
 
Turn on Netlogon logging to get more detail the next time it happens.

Location of the log file - %windir%\debug

Command Prompt setting - Enable from command prompt with "NLTEST /DBFlag:2080FFFF"

Registry Location -
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Registry Setting - Add the REG_SZ value "DBFlag" and set it to 0x02080fff
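
To see how often the pattern from the original question occurs before digging through the Netlogon log, the following added example (not posted by anyone in this thread) filters a text export of Security events for 534 records with logon type 3 and blank user, domain and workstation, counted per logon process. The export layout, the function names and the sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter
# Constructed sample records (not from the thread). Layout is an assumption:
# one "Label: value" per line, records separated by a blank line.
SAMPLE = """\
Event ID: 534
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Workstation Name:

Event ID: 534
User Name: jsmith
Domain: EXAMPLE
Logon Type: 2
Logon Process: User32
Workstation Name: WKS01

Event ID: 534
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Workstation Name:
"""

FIELD = re.compile(r"^\s*([^:]+):[ \t]*(.*)$")
IDENTITY_FIELDS = ("User Name", "Domain", "Workstation Name")

def parse_records(text):
    """Split the export into records and return one dict per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {m.group(1).strip(): m.group(2).strip()
               for m in map(FIELD.match, block.splitlines()) if m}
        if rec:
            records.append(rec)
    return records

def is_blank_network_534(rec):
    """True for a 534 with logon type 3 and no user, domain or workstation."""
    return (rec.get("Event ID") == "534" and rec.get("Logon Type") == "3"
            and not any(rec.get(f) for f in IDENTITY_FIELDS))

def summarize(records):
    """Count the blank-identity network 534s per logon process."""
    return Counter(r.get("Logon Process", "") for r in records
                   if is_blank_network_534(r))
```

Calling `summarize(parse_records(text))` on an export gives the per-process counts; the timestamps of the matching records are the ones to line up with entries in the Netlogon log under %windir%\debug.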
 