Authentication issues 4625 errors
Hello,

In a recently deployed server farm in a DMZ, we are having occasional authentication issues. Here is a bit of detail about the environment. Servers are all W2008R2 SP1. In a DMZ with a local RODC. App concerned is IIS with Windows authentication.

What we see from time to time is a failure of Windows authentication - users are prompted for username and password. We see a corresponding event 4625:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 20/05/2011 06:08:33
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xxxxxxxxxxxxx
Description: An account failed to log on.
Subject:
  Security ID: NULL SID
  Account Name: -
  Account Domain: -
  Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
  Security ID: NULL SID
  Account Name: xxxxxx
  Account Domain: xxxxxx
Failure Information:
  Failure Reason: An Error occured during Logon.
  Status: 0xc0000371

We're particularly interested in the 0xc0000371 code which I understand is STATUS_NO_SECRETS, but what does that indicate?

When we have seen this issue, in one case it was solved by a reboot of the member server, the other case seemed to resolve itself after a few minutes.
May 23rd, 2011 4:14am

Hello,

I have no idea about Status: 0xc0000371. All I know is that this error may be caused by:

- A username that does not exist
- Wrong password
- A locked out user
- An account that is disabled

For more information, I suggest posting in the Security forums or contacting Microsoft PSS.

Security forums:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
http://social.technet.microsoft.com/Forums/en-US/ocssecurity/threads

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

Microsoft Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
May 23rd, 2011 4:23am

Take a look at the links below.

Authentication fails when an external client tries to log on to a Windows Server 2008 server by using a read-only domain controller in a perimeter network:
http://support.microsoft.com/kb/977510
http://blogs.technet.com/b/instan/archive/2009/03/24/troubleshooting-rodc-s-troubleshooting-rodc-location-in-the-dmz.aspx

RODC known issues:
http://technet.microsoft.com/it-it/library/cc725669%28WS.10%29.aspx

Awinish Vishwakarma
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 23rd, 2011 5:12am

After some more investigation, we suspect this is an issue due to replication of Computer account passwords causing NTLM to fail. We think 0xc0000371 might back this up, but can't find anything to give a more detailed explanation as to what this code means.
May 23rd, 2011 6:01am
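
Added example, not part of the original thread: a PowerShell sketch for listing the 4625 failures that carry status 0xc0000371 on a member server and counting them per hour, so they can be lined up against machine account password changes or RODC replication times. The 7-day window and the choice of columns are assumptions; run it elevated on the affected server.

```powershell
# Added example (not from the thread): summarise 4625 events with Status 0xc0000371.
$status = '0xc0000371'             # status code quoted in the thread
$since  = (Get-Date).AddDays(-7)   # assumed look-back window

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4625; StartTime = $since
} -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Flatten the <EventData> name/value pairs into a hashtable
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    if ($data['Status'] -ne $status) { continue }   # keep only the status of interest

    New-Object PSObject -Property @{
        Time        = $e.TimeCreated
        Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType   = $data['LogonType']
        AuthPackage = $data['AuthenticationPackageName']   # NTLM vs Kerberos
        Workstation = $data['WorkstationName']
        SourceIP    = $data['IpAddress']
        SubStatus   = $data['SubStatus']
    }
}

# Individual failures, oldest first
$rows | Sort-Object Time |
    Select-Object Time, Account, LogonType, AuthPackage, Workstation, SourceIP, SubStatus |
    Format-Table -AutoSize

# Failures per hour: short bursts that clear on their own show up as isolated buckets
$rows | Group-Object { $_.Time.ToString('yyyy-MM-dd HH:00') } |
    Sort-Object Name |
    Select-Object Name, Count
```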

Can you check the article posted? It looks to be a known issue and a workaround has been suggested.

Awinish Vishwakarma
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 23rd, 2011 6:58am

Have you considered installing http://support.microsoft.com/kb/2157973?

hth
Marcin
May 23rd, 2011 8:09am

This topic is archived. No further replies will be accepted.
