Event id 675
Good day, I've been trying to resolve this matter for a couple of weeks now. I have recently turned on auditing on our 2003 domain. I seem to be getting thousands of messages about failure audit Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 6/27/2011 Time: 8:17:02 AM User: NT AUTHORITY\SYSTEM Computer: MHX1 Description: Pre-authentication failed: User Name: renmat User ID: CITY\renmat Service Name: krbtgt/CITY Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: x.x.x.x Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 6/27/2011 Time: 8:12:54 AM User: NT AUTHORITY\SYSTEM Computer: MHX1 Description: Pre-authentication failed: User Name: ambtho User ID: CITY\ambtho Service Name: krbtgt/CITY Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: x.x.x.x Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 6/27/2011 Time: 8:05:39 AM User: NT AUTHORITY\SYSTEM Computer: MHX1 Description: Pre-authentication failed: User Name: rantav User ID: CITY\rantav Service Name: krbtgt/CITY Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: x.x.x.x I am getting so many of these I've had to turn auditing off again. I've read alot of articles and post on site including this one. The issue is there all the solutions don't work for me. The failures are for machines as well, not just users. Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 675 Date: 6/27/2011 Time: 8:01:31 AM User: NT AUTHORITY\SYSTEM Computer: MHX1 Description: Pre-authentication failed: User Name: MHE5$ User ID: CITY\MHE5$ Service Name: krbtgt/CITY.domain.me.here PreAuthentication Type: 0x0 Failure Code: 0x19 Client Address: x.x.x.x I've look at these answers http://social.technet.microsoft.com/Forums/en/winserversecurity/thread/4db3bb1a-5cdf-4874-b58f-f3cbba0ea80a http://social.technet.microsoft.com/Forums/en/winservergen/thread/2b152af2-1cad-4c68-8516-c45b91655c00 http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/2f2905ff-e221-46fb-bf3b-d4141833ce66/ http://www.eventid.net/display.asp?eventid=675&eventno=62&source=Security&phase=1 http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675 This is only a small amount of links I've been to. Current configuration of domain Windows 2003 DC's x 3 Windows XP SP3 Clients x 1000+ Windows 2000 Clients/couple of member servers Windows 2008 member servers. Plan is to clean up AD and get migrated over to 2008 AD DS. Current funtionality of AD is 2003. Help if you can... humv
June 27th, 2011 7:24pm

have you checked virus? it may be hacked.
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2011 3:04pm

Multiple scans with different software packages and nothing... humv
June 30th, 2011 7:24pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics