Re: Event ID: 537 Kerberos
try this link and see if any of this is helpful
http://www.eventid.net/display.asp?e...curity&phase=1
Richard
"Evan" <ewgny@hotmail.com> wrote in message
news:OaDaHQ9kFHA.2444@tk2msftngp13.phx.gbl...
> Greetings
>
> I'm getting the following error on
> My windows 2003 member servers when I log on with
> my Domain Admin account
> Domain is a Windows 2000 Domain
> I think this happened after SP1 was installed on the member servers
>
> I did find that the Status code: 0xC000040A
> relates to
> STATUS_NO_S4U_PROT_SUPPORT
>
> However I cannot find much info on this
>
> Any input would be appreciated
>
> Thanks
>
> - Evan
>
>
>
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 537
> Date: 7/28/2005
> Time: 8:01:46 PM
> User: NT AUTHORITY\SYSTEM
> Computer: SERVER-2
> Description:
> Logon Failure:
> Reason: An error occurred during logon
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Authz
> Authentication Package: Kerberos
> Workstation Name: SERVER-2
> Status code: 0xC000040A
> Substatus code: 0x0
> Caller User Name: SERVER-2$
> Caller Domain: XYZ
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1004
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
>
>
>
>
Re: Event ID: 537 Kerberos
Thanks for the response Richard
I've combed over eventid.net prior to posting here and haven't found
anything
The strange thing is that the event ID 537 comes up on the member server
not the Domain controller's event log to which my user account is
authenticating to.
This makes me think that the windows 2000 DC accepts the kerberos
authentication,
however the Windows 2003 member server expects more from the token than what
the Windows 2000 DC can return to it.
I'm thinking that the Windows 2003 kerberos is not the same as the windows
2000 kerberos
hence the return code of: STATUS_NO_S4U_PROT_SUPPORT
- Evan
"Richard Oltmann" <roltmann62@hotmail.com> wrote in message
news:%23n$3TY9kFHA.3936@TK2MSFTNGP10.phx.gbl...
> try this link and see if any of this is helpful
> http://www.eventid.net/display.asp?e...curity&phase=1
> Richard
> "Evan" <ewgny@hotmail.com> wrote in message
> news:OaDaHQ9kFHA.2444@tk2msftngp13.phx.gbl...
>> Greetings
>>
>> I'm getting the following error on
>> My windows 2003 member servers when I log on with
>> my Domain Admin account
>> Domain is a Windows 2000 Domain
>> I think this happened after SP1 was installed on the member servers
>>
>> I did find that the Status code: 0xC000040A
>> relates to
>> STATUS_NO_S4U_PROT_SUPPORT
>>
>> However I cannot find much info on this
>>
>> Any input would be appreciated
>>
>> Thanks
>>
>> - Evan
>>
>>
>>
>>
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Logon/Logoff
>> Event ID: 537
>> Date: 7/28/2005
>> Time: 8:01:46 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: SERVER-2
>> Description:
>> Logon Failure:
>> Reason: An error occurred during logon
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Authz
>> Authentication Package: Kerberos
>> Workstation Name: SERVER-2
>> Status code: 0xC000040A
>> Substatus code: 0x0
>> Caller User Name: SERVER-2$
>> Caller Domain: XYZ
>> Caller Logon ID: (0x0,0x3E7)
>> Caller Process ID: 1004
>> Transited Services: -
>> Source Network Address: -
>> Source Port: -
>>
>>
>>
>>
>>
>
>
Re: Event ID: 537 Kerberos
We had similar errors after applying Windows Server 03 SP1; I noticed that I could reproduce the errors after kicking off Diskeeper (version 8 I think) on the server. Executive software said they couldnt reproduce the error so I started looking elsewhere, and got nowhere. As you may have noticed there are not a lot of hits on this topic in the wild. I think we reduced about ninety something percent of the messages today, and the fix was two part.
First set the Windows Firewall from disabled to manual. That alone didnt fix it for me, but then updating Diskeeper to version 10 did seem to fix it. Firing off Diskeeper now does NOT trigger a million security entries.
I had thought it was a local system issue, but adding a domain account to Diskeeper did not fix the problem either (as in firing the service via a domain account). Diskeeper has a white paper out about some firewall config changes now also.
Re: Event ID: 537 Kerberos
Can anyone clarify if whether the 2000 and 2003 kerberos are the same?