Event ID: 537 Kerberos

Printable View

29-07-2005
Evan

Event ID: 537 Kerberos

Greetings

I'm getting the following error on
My windows 2003 member servers when I log on with
my Domain Admin account
Domain is a Windows 2000 Domain
I think this happened after SP1 was installed on the member servers

I did find that the Status code: 0xC000040A
relates to
STATUS_NO_S4U_PROT_SUPPORT

However I cannot find much info on this

Any input would be appreciated

Thanks

- Evan

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 7/28/2005
Time: 8:01:46 PM
User: NT AUTHORITY\SYSTEM
Computer: SERVER-2
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: SERVER-2
Status code: 0xC000040A
Substatus code: 0x0
Caller User Name: SERVER-2$
Caller Domain: XYZ
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 1004
Transited Services: -
Source Network Address: -
Source Port: -
29-07-2005
Richard Oltmann

Re: Event ID: 537 Kerberos

try this link and see if any of this is helpful
http://www.eventid.net/display.asp?e...curity&phase=1
Richard
"Evan" <ewgny@hotmail.com> wrote in message
news:OaDaHQ9kFHA.2444@tk2msftngp13.phx.gbl...
> Greetings
>
> I'm getting the following error on
> My windows 2003 member servers when I log on with
> my Domain Admin account
> Domain is a Windows 2000 Domain
> I think this happened after SP1 was installed on the member servers
>
> I did find that the Status code: 0xC000040A
> relates to
> STATUS_NO_S4U_PROT_SUPPORT
>
> However I cannot find much info on this
>
> Any input would be appreciated
>
> Thanks
>
> - Evan
>
>
>
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 537
> Date: 7/28/2005
> Time: 8:01:46 PM
> User: NT AUTHORITY\SYSTEM
> Computer: SERVER-2
> Description:
> Logon Failure:
> Reason: An error occurred during logon
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Authz
> Authentication Package: Kerberos
> Workstation Name: SERVER-2
> Status code: 0xC000040A
> Substatus code: 0x0
> Caller User Name: SERVER-2$
> Caller Domain: XYZ
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1004
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
>
>
>
>
29-07-2005
Evan

Re: Event ID: 537 Kerberos

Thanks for the response Richard
I've combed over eventid.net prior to posting here and haven't found
anything
The strange thing is that the event ID 537 comes up on the member server
not the Domain controller's event log to which my user account is
authenticating to.
This makes me think that the windows 2000 DC accepts the kerberos
authentication,
however the Windows 2003 member server expects more from the token than what
the Windows 2000 DC can return to it.

I'm thinking that the Windows 2003 kerberos is not the same as the windows
2000 kerberos
hence the return code of: STATUS_NO_S4U_PROT_SUPPORT

- Evan

"Richard Oltmann" <roltmann62@hotmail.com> wrote in message
news:%23n$3TY9kFHA.3936@TK2MSFTNGP10.phx.gbl...
> try this link and see if any of this is helpful
> http://www.eventid.net/display.asp?e...curity&phase=1
> Richard
> "Evan" <ewgny@hotmail.com> wrote in message
> news:OaDaHQ9kFHA.2444@tk2msftngp13.phx.gbl...
>> Greetings
>>
>> I'm getting the following error on
>> My windows 2003 member servers when I log on with
>> my Domain Admin account
>> Domain is a Windows 2000 Domain
>> I think this happened after SP1 was installed on the member servers
>>
>> I did find that the Status code: 0xC000040A
>> relates to
>> STATUS_NO_S4U_PROT_SUPPORT
>>
>> However I cannot find much info on this
>>
>> Any input would be appreciated
>>
>> Thanks
>>
>> - Evan
>>
>>
>>
>>
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Logon/Logoff
>> Event ID: 537
>> Date: 7/28/2005
>> Time: 8:01:46 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: SERVER-2
>> Description:
>> Logon Failure:
>> Reason: An error occurred during logon
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Authz
>> Authentication Package: Kerberos
>> Workstation Name: SERVER-2
>> Status code: 0xC000040A
>> Substatus code: 0x0
>> Caller User Name: SERVER-2$
>> Caller Domain: XYZ
>> Caller Logon ID: (0x0,0x3E7)
>> Caller Process ID: 1004
>> Transited Services: -
>> Source Network Address: -
>> Source Port: -
>>
>>
>>
>>
>>
>
>
09-12-2005
bonealwf

Re: Event ID: 537 Kerberos

We had similar errors after applying Windows Server 03 SP1; I noticed that I could reproduce the errors after kicking off Diskeeper (version 8 I think) on the server. Executive software said they couldnt reproduce the error so I started looking elsewhere, and got nowhere. As you may have noticed there are not a lot of hits on this topic in the wild. I think we reduced about ninety something percent of the messages today, and the fix was two part.
First set the Windows Firewall from disabled to manual. That alone didnt fix it for me, but then updating Diskeeper to version 10 did seem to fix it. Firing off Diskeeper now does NOT trigger a million security entries.
I had thought it was a local system issue, but adding a domain account to Diskeeper did not fix the problem either (as in firing the service via a domain account). Diskeeper has a white paper out about some firewall config changes now also.
22-10-2006
model

Re: Event ID: 537 Kerberos

Can anyone clarify if whether the 2000 and 2003 kerberos are the same?