G
Guest
I have two DC's in a small (150) user network. Clients are running XP or W2k.
The domain was upgraded some time ago from NT4.
On my 2 DC's I am receiving multiple security audit failures:
Event ID=675
The kerberos failure indicates a bad password (0x18) / pre-authentication
type 2.
Since Monday 9.30 am to Wednesday 12pm I have had approx 5200 events of this
type logged on one of the DC's. 4311 of them have been from one particular
user (user a). On the other DC, I have had 5918 events logged for another
user (user b) out of 6347.
There are mulitple failures every minute.
I have run netdiag which passed correclty and checked the dnshostname and
spn in AD. The other odd thing I noted was that the events were still being
logged despite the user not being logged into that particular workstation at
that time (I was logged in as admin).
I have not goone any further with this on the other workstation and would
appreciate any advice or ideas!
many thanks
The domain was upgraded some time ago from NT4.
On my 2 DC's I am receiving multiple security audit failures:
Event ID=675
The kerberos failure indicates a bad password (0x18) / pre-authentication
type 2.
Since Monday 9.30 am to Wednesday 12pm I have had approx 5200 events of this
type logged on one of the DC's. 4311 of them have been from one particular
user (user a). On the other DC, I have had 5918 events logged for another
user (user b) out of 6347.
There are mulitple failures every minute.
I have run netdiag which passed correclty and checked the dnshostname and
spn in AD. The other odd thing I noted was that the events were still being
logged despite the user not being logged into that particular workstation at
that time (I was logged in as admin).
I have not goone any further with this on the other workstation and would
appreciate any advice or ideas!
many thanks