Computers loosing trust to my domain!

-

hi!

so deployed windows 7 many remote locations have no local domain controller , connected head quarter slow link, couple months later have received couple of cases computers looses trust domain when user tries login get: "trust relationshitp between workstation , primary domain failed"

on domain controller see event (4625):

an account failed log on.  subject: 	security id:		null sid 	account name:		- 	account domain:		- 	logon id:		0x0  logon type:			3  account logon failed: 	security id:		null sid 	account name:		thecomputer$ 	account domain:		thedomain  failure information: 	failure reason:		unknown user name or bad password. 	status:			0xc000006d 	sub status:		0xc000006a  process information: 	caller process id:	0x0 	caller process name:	-  network information: 	workstation name:	thecomputer 	source network address:	10.146.34.31 	source port:		62728  detailed authentication information: 	logon process:		ntlmssp  	authentication package:	ntlm 	transited services:	- 	package name (ntlm only):	- 	key length:		0

according site: https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4625

the event id saying computer trying login wrong password:

0xc000006a    user name correct password wrong

i have read through blog post , thing can imagine secure channel have failed, reason?

checking password powershell:

ps c:\windows\system32> get-adcomputer computer -properties * |select *pass*   allowreversiblepasswordencryption : false badpasswordtime                   : 0 cannotchangepassword              : false lastbadpasswordattempt            :  passwordexpired                   : false passwordlastset                   : 2015-09-03 20:38:20 passwordneverexpires              : false passwordnotrequired               : false
can see password reset recently.

any ideas ? don't want happen on 400~ machines have remote.

thanks!



hi

 the resolution "trust relationship between...." check ms article,

https://support.microsoft.com/en-us/kb/2771040

aso event id 4625 correct,it point bad password(on clients cache,etc),check forum answer , run "nltest /sc_verify:domain-name" test on clients,

https://social.technet.microsoft.com/forums/windowsserver/en-us/ae9da10a-b4d2-4eda-ae6d-ad61b7b6ab79/audit-failure-event-id-4625?forum=winserversecurity

this posting provided no warranties or guarantees,and confers no rights. best regards burak uğur



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Group Policy Event ID 1058 Error Code 1326 (The user name or password is incorrect)

-
i seeing odd error on 1 of our domain controllers. have dealt event id 1058 errors whereby policy (or policies) not replicating, receiving error along error code 1326 on server, , apparently happening default domain policy: log name:      system source:        microsoft-windows-grouppolicy date:          8/10/2015 3:09:54 pm event id:      1058 task category: none level:         error keywords:      user:          s-1-5-21-1484152634-2550175353-3916092219-3287 computer:      <dc name>.<domainname> description: processing of group policy failed. windows attempted read file http://schemas.microsoft.com/win/2004/08/events/event ">   <system>     <provi...
Read more

Suspicious event log Event ID: 4905

-
hi thr, could please me understand causing such event logs generate ? as  i understand, vssvc.exe pertains volume shadow copy used backup purpose.  we have third party application used taking backup of servers. the event longs generated following messages: 1) attempt made unregister security event source. 2) attempt made register security event source. these events not regular generated on random days. standard fields: date:               2013/10/19 time:               02:32:19 importance:         critical rule name:          security event monitored machine:  <domain controller> log format:         windows log name:           security event id:           4905 in work hours:      yes dynamic fields: internal timestamp: 2013/10/19 ...
Read more

DCOM received error "2147746132" from...

-
hi everybody, i have dc (my windows essentials 2012 server) , windows 2012 server in network.  the windows server 2012 inside domain. on server, got "non stopping" error says in event logs : ===> dcom received error "2147746132" fromd computer xxxx(my dc computer) while server trying activation : {6df8cb71-153b-4c66-8fc4-e59301b8011b} it never stops, got 11000+ new events :s i found : http://support.microsoft.com/kb/971153/fr i'm not sure should ? does got idea ? matthieu. hi, please try solution mentioned in below link: http://www.eventid.net/display-eventid-10006-source-dcom-eventno-272-phase-1.htm regards, cicely Windows Server  >  Windows Server 2012 General ...
Read more