Search This Blog

Friday 24 August 2012

Event Log Error - Event ID 675 Security Authentication Failures

I noticed on our GFI RM Monitoring that we had a number of Security Logon Failures on one of our Windows 2003 Domain Controllers.

Event ID Failure

media_1345792751724.png

This is caused by Windows Vista and Windows 7 Computers sending their Kerberos authentication in AES 128/256 encryption and Windows 2003 Server does not support this method on encryption so it sends a message back to the computer to ask for the encryptio nmethod it does support. The highest Windows 2003 can support is RC4-HMAC and so this event ID 675 is logged to show this process.

You can get rid of this by adding a registry key to each Windows Vista and Windows 7 computer but I would recommend looking to upgrade to Windows 2008 R2 Domain Controllers as a good long term solution.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: DefaultEncryptionType
Type: REG_DWORD
Value: 23 (dec) or 0x17 (hex)

No comments:

Post a Comment