I noticed on our GFI RM Monitoring that we had a number of Security Logon Failures on one of our Windows 2003 Domain Controllers.
Event ID Failure
This is caused by Windows Vista and Windows 7 computers sending their Kerberos authentication using AES 128/256 encryption. Windows 2003 Server does not support this encryption method, so it sends a message back to the computer asking for the encryption method it does support. The highest Windows 2003 can support is RC4-HMAC, and so event ID 675 is logged to show this process.
You can get rid of this by adding a registry key to each Windows Vista and Windows 7 computer, but I would recommend looking to upgrade to Windows 2008 R2 Domain Controllers as a good long-term solution.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters
Name: DefaultEncryptionType
Type: REG_DWORD
Value: 23 (dec) or 0x17 (hex)
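The registry value above, scripted so it can be applied, audited and later removed once the Domain Controllers are upgraded and RC4-HMAC no longer needs to be forced. This is an added example, not part of the original post; the function names are hypothetical, and it assumes an elevated PowerShell 2.0 or later session on the client.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Written in PowerShell 2.0 syntax so it works on a stock Windows 7 client.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'
$ValueName = 'DefaultEncryptionType'

# Kerberos encryption type numbers, used to decode whatever value is found.
$EtypeNames = @{
    1  = 'DES-CBC-CRC'
    3  = 'DES-CBC-MD5'
    17 = 'AES128-CTS-HMAC-SHA1-96'
    18 = 'AES256-CTS-HMAC-SHA1-96'
    23 = 'RC4-HMAC'
}

function Get-KerberosDefaultEtype {
    # Report the override on this machine, or that none is set.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        return New-Object PSObject -Property @{
            Computer = $env:COMPUTERNAME; Value = $null; Etype = 'not set (OS default)' }
    }
    $v    = [int]$item.$ValueName
    $name = if ($EtypeNames.ContainsKey($v)) { $EtypeNames[$v] } else { 'unknown' }
    New-Object PSObject -Property @{ Computer = $env:COMPUTERNAME; Value = $v; Etype = $name }
}

function Set-KerberosDefaultEtypeRc4 {
    # Apply the workaround from the post: DWORD 23 (0x17) = RC4-HMAC.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set to 23 (RC4-HMAC)')) {
        if (-not (Test-Path $KeyPath)) { New-Item -Path $KeyPath -Force | Out-Null }
        New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
            -Value 23 -Force | Out-Null
    }
}

function Remove-KerberosDefaultEtype {
    # Undo the workaround so the client returns to its own default (AES).
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($null -ne (Get-KerberosDefaultEtype).Value -and
        $PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Remove override')) {
        Remove-ItemProperty -Path $KeyPath -Name $ValueName
    }
}

Get-KerberosDefaultEtype   # audit only; call the Set-/Remove- functions explicitly
```

Both changing functions accept -WhatIf, so the effect can be previewed before anything is written to the registry.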