Security database on the server...

-

hello.

in company have 2x ad dc, primary working on windows server 2k3, additional working on windows server 2k8. at workstations appear error: " security database on server not have computer account workstation ". turned off preauthentication people accounts , computers account, doesn't help. remove computer account form ad , added next time doesn't to. times, when at workstation appear error is need to reboot computer , user can sign in computer. in event log there errors related wins server. solutions? best regards.  

ps. when shutdown 2k8 ewerthing ok.

error logs in event viewer:

"logon attempt by:  microsoft_authentication_package_v1_0

logon account:     pc-beh-37$

source workstation:             pc-beh-37

error code:           0xc0000064

 

 

for more information, see , support center @ http://go.microsoft.com/fwlink/events.asp."

 

"

pre-authentication failed:

               user name:            mateusz

               user id:                  nfm\mateusz

               service name:       krbtgt/nfm

               pre-authentication type:      0x0

               failure code:         0x19

               client address:      10.0.0.50

 

 

for more information, see , support center at

"

 

"

authentication ticket request:

               user name:                           nt authority\network service

               supplied realm name:         nfm

               user id:                                 -

               service name:                       krbtgt/nfm

               service id:                             -

               ticket options:                      0x40810010

               result code:                          0x6

               ticket encryption type:        -

               pre-authentication type:      -

               client address:                      127.0.0.1

               certificate issuer name:      

               certificate serial number:   

               certificate thumbprint:        

"

jacekl.

as "security database on server not have computer account workstation" there can multiple reassons.

  • the obivious 1 computer account got deleted ad, still there/a reboot solves it... that's not case

more likely:

the "pre-authentication failed" errors can safely ignored. more or less inherent kerberos protocol. client tries kerberos communication withouth timestamp included, gets warning , told put additional informaton in request (explanation not precise, it's correct more or less)

http://setspn.blogspot.com


Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

WIMMount (HSM) causing cluster storage to go redirected (2012r2 DC)

-
looking options resolve error , prevent in future. thanks help. hardware: 2 node dell hv cluster running2012r2 dc 8 nic/ea in multiplex mode 4x hyper-v 4x hosts storage: 2x synology nas, accessed through iscsi hosts , cluster relevant logs: log name:      microsoft-windows-failoverclustering/diagnostic source:        microsoft-windows-failoverclustering date:          event id:      2050 task category: none level:         warning keywords:       user:          system computer:      l description: [dcm] filter wimmount found @ unsafe altitude 180700 log name:      system source:        microsoft-windows-failoverclustering date:         event id:      5125 task category: cluster shared volume level:         warning keywords:       user:          system computer: description: cluster shared volume 'volume1' ('cluster disk 1') has identified 1 or more active filter drivers on device stack interfere csv operatio
Read more

Failed to delete the test record dcdiag-test-record in zone test.com

-
ps c:\users\administrator.test> dcdiag /test:dns directory server diagnosis performing initial setup:    trying find home server...    home server = dc02    * identified ad forest.    done gathering initial info. doing initial required tests    testing server: default-first-site-name\dc02       starting test: connectivity          ......................... dc02 passed test connectivity doing primary tests    testing server: default-first-site-name\dc02       starting test: dns          dns tests running , not hung. please wait few minutes...          ......................... dc02 passed test dns    running partition tests on : forestdnszones    running partition tests on : domaindnszones    running partition tests on : schema    running partition tests on : configuration    running partition tests on : test    running enterprise tests on : test.com       starting test: dns          test results domain
Read more

Azure MFA with Azure AD and RDS

-
i have setup following lab in azure , need help. a server (domain controller) , remote desktop services. and server multi factor authentication server. i have setup following one http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ and when im connecting got following error. the user "domain\username", on client computer "xxx.xxx.xxx.xxx", did not meet connection authorization policy requirements , therefore not authorized access rd gateway server. authentication method used was: "ntlm" , connection protocol used: "rpc-http". following error occurred: "23003". also on security log i've got following authentication details: connection request policy name: ts gateway authorization policy network policy name: - authentication provider: radius proxy authentication server: test.test.local authentication type: - eap t
Read more