Click here to get back home

673 Failure Audit appears several times per day
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
673 Failure Audit appears several times per day Spin 12-10-2005
Posted by Spin on December 10, 2005, 11:46 pm
Please log in for more thread options
 Experts,

Running Windows Server 2003 SP1. This system is an internal DC (hosting no
web sites, has no SQL server, etc...). It does run SUS and has Remote
Desktop enabled. Anyway a couple times each day the Security event log
generates the below Failure Audits. Does anyone have a clue as to how I
should troubleshoot this? The User in the main Event ID area is User: NT
AUTHORITY\SYSTEM and in the Description pane below the "User Name:" is
usually blank. When it is not blank it is either my logon ID or the domain
admins login ID. The Client Address is also always the admin workstation
(which has no viruses) I primarily use.

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 673
Date: 12/1/2005
Time: 2:45:23 PM
User: NT AUTHORITY\SYSTEM
Computer: TERMINAL-SERVER
Description:

Service Ticket Request:
User Name:
User Domain:
Service Name:
Service ID: -
Ticket Options: 0x2
Ticket Encryption Type: -
Client Address: 192.168.1.15
Failure Code: 0x20
Logon GUID: -
Transited Services: -

--
Spin



Posted by Neil Ruston on December 12, 2005, 4:10 am
Please log in for more thread options
 Have a read here:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/monitor/logevnts.mspx

http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/d8fc798c-1e77-4043-b59c-971b4961d85a.mspx

neil




"Spin" wrote:

> Experts,
>
> Running Windows Server 2003 SP1. This system is an internal DC (hosting no
> web sites, has no SQL server, etc...). It does run SUS and has Remote
> Desktop enabled. Anyway a couple times each day the Security event log
> generates the below Failure Audits. Does anyone have a clue as to how I
> should troubleshoot this? The User in the main Event ID area is User: NT
> AUTHORITY\SYSTEM and in the Description pane below the "User Name:" is
> usually blank. When it is not blank it is either my logon ID or the domain
> admins login ID. The Client Address is also always the admin workstation
> (which has no viruses) I primarily use.
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 673
> Date: 12/1/2005
> Time: 2:45:23 PM
> User: NT AUTHORITY\SYSTEM
> Computer: TERMINAL-SERVER
> Description:
>
> Service Ticket Request:
> User Name:
> User Domain:
> Service Name:
> Service ID: -
> Ticket Options: 0x2
> Ticket Encryption Type: -
> Client Address: 192.168.1.15
> Failure Code: 0x20
> Logon GUID: -
> Transited Services: -
>
> --
> Spin
>
>
>

Similar ThreadsPosted
Services Security Failure Audit October 29, 2005, 2:09 pm
Object Access Failure Audit June 12, 2006, 10:37 am
Meaning of This Failure Audit EventID 560 March 17, 2007, 2:23 am
Sourcing security failure audit id: 529 Windows server 2003 March 7, 2007, 9:14 am
Been hacked about 4 times now. Wanna be the 5th? June 2, 2006, 8:59 pm
Specify Allowed Times for users to log on April 10, 2008, 11:17 pm
capture and record login times December 8, 2005, 10:50 am
Limiting Login Times on Particular Machines May 6, 2006, 8:08 pm
MSDTC Security Log Failure Audits October 29, 2005, 6:41 pm
Security Failure Audits - hackers? March 16, 2006, 5:28 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap