Authentication issues 4625 errors
Hello,
In a recently deployed server farm in a DMZ, we are having occasional authentication issues. Here is a bit of detail about the environment.
Servers are all W2008R2 SP1. In a DMZ with a local RODC. App concerned is IIS with Windows authentication.
What we see from time to time is a failure of Windows authentication - users are prompted for username and password. We see a corresponding event 4625:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 20/05/2011 06:08:33
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: xxxxxxxxxxxxx
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: xxxxxx
Account Domain: xxxxxx
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc0000371
We're particularly interested in the 0xc0000371 code which I understand is STATUS_NO_SECRETS, but what does that indicate? When we have seen this issue, in one case it was solved by a reboot of the member server, the other case seemed to resolve itself
after a few minutes.
May 23rd, 2011 4:14am
Hello,
I have no idea about Status: 0xc0000371.
All what I know is that this error may be caused due to:
A username that does not exist Wrong password a locked out user An account that is disabled
For more information, I suggest posting in Security forums or contact Microsoft PSS.
Security forums:
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/threads
http://social.technet.microsoft.com/Forums/en-US/ocssecurity/threads
This
posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
Microsoft
Student Partner
Microsoft Certified Professional
Microsoft Certified Systems Administrator: Security
Microsoft Certified Systems Engineer: Security
Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
Microsoft
Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2011 4:23am
Take a look at below link.
Authentication fails when an external client tries to log on to a Windows Server 2008 server by using a read-only domain controller in a perimeter network
http://support.microsoft.com/kb/977510
http://blogs.technet.com/b/instan/archive/2009/03/24/troubleshooting-rodc-s-troubleshooting-rodc-location-in-the-dmz.aspx
RODC known Issues
http://technet.microsoft.com/it-it/library/cc725669%28WS.10%29.aspx
Awinish Vishwakarma| CHECK MY BLOG
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 23rd, 2011 5:12am
After some more investigation, we suspect this is an issue due to replication of Computer account passwords causing NTLM to fail. We think 0xc0000371 might back this up, but can't find anything to give a more detailed explanation as to what this code
means.
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2011 6:01am
Can you check the article posted, it looks to be its known issue & work around has been suggested.
Awinish Vishwakarma| CHECK MY BLOG
Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.
May 23rd, 2011 6:58am
Have you considered installing
http://support.microsoft.com/kb/2157973
hth
Marcin
Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2011 8:09am