Search This Blog

Wednesday, September 19, 2012

event 675 with 0X19 for ESXi hosts in Windows Security Event Log

Link to the original article:

The error event 675 with 0X19 error code indicates:

0x19 - KDC_ERR_PREAUTH_REQUIRED: Additional pre-authentication required

In domain environment, Kerberos is the default authentication protocol. In Kerberos Authentication protocol implemented in Windows, Pre-authentication is required by default. However, sometimes, clients may not include the pre-authentication data in first communication with KDC (the AS_REQ). As aresult, KDC returns an error to inform client that Pre-Authentication is required, and then an event ID 675 with the error 0x19 is recorded on KDC.


Meanwhile, please set the flag "Do not require pre-authentication" for the
problematic account, to configure the system to not require pre-authentication. For user accounts, we can enable this flag in User Properties. For computer account, we should modify the attribute UserAccountControl via the following steps:

1. On the domain controller, click Start, click Run, type in "adsiedit.msc" (without the quotation marks) and press ENTER to launch ADSI Edit tool.
This tool is included with the Windows 2003 Support Tools. To install the Support Tools, run Suptools.msi from the Support\Tools folder on the Windows 2003 Server CD-ROM.
2. Locate the computer account under the Domain partition.
3. Right-click on the account, click Properties.
4. Then locate the attribute UserAccountControl in the Attributes list. Click Edit.
5. Modify the value to original value plus 4194304. For example, if the original value is 512, the new value should be 512+4194304=4194816. (In my case it was 4096+4194304=4198400)
6. Click OK, click Apply, and click OK.
7. Quit ADSI Edit. Then you can check if the event 675 stops for these accounts.

For more information about UserAccountControl attribute, you can refer to the following article:

How to use the UserAccountControl flags to manipulate user account properties

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    675
Date:        9/19/2012
Time:        11:08:21 PM
User:        NT AUTHORITY\SYSTEM
Computer:    CLSMAIN07
Description:
Pre-authentication failed:
     User Name:    ESX02$
     User ID:        TEST\ESX02$
     Service Name:    krbtgt/TEST.LOCAL
     Pre-Authentication Type:    0x0
     Failure Code:    0x19
     Client Address:    192.168.0.13


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 

Followers