Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
Home
Discussion GroupsWindows Server 2003Windows 2000Windows NTSmall Business ServerVirtual ServerExchange ServerIISHost Integration ServerISA ServerSMSWSUSMOMWindows Media ServerSecurityCertification
Related Topics
SQL ServerMS WindowsMS OfficePC HardwareMore Topics ...
Windows Server Forum / Exchange Server / Administration / May 2007

Tip: Looking for answers? Try searching our database.

Security Failure for an administrative account

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Jeff - 31 May 2007 17:22 GMT
Hello,

On my Exchange 2003 server, I am receiving this error in the security event
logs:

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    680
Date:        5/31/2007
Time:        11:58:20 AM
User:        NT AUTHORITY\SYSTEM
Computer:     SERVERNAME

Description:
Logon attempt by:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:    username
Source Workstation:    SERVERNAME
Error Code:    0xC0000064

The error code means that the "account does not exist" but this person is an
administrator for the domain and has been using the same account on ADS for
over a year now.

I am investigating the MS articles suggested by "Help and Support Center",
but none of these seems likely.

Signature

Thanks, Jeff

Reply to this Message
Steve Antonio [MSFT] - 31 May 2007 18:26 GMT
Is the value in "Computer" and "Source Workstation" the same server?
If not, are they in the same domain?

If the two machines are in different domains, then this is likely what
is happening:

When DTC negotiates a connection with another transaction manager, it
will always attempt a secure connection first. If this fails, and
security is disabled for DTC, then it will attempt a connection
without passing any credentials.

In the above scenario the two servers enlisting in a transaction were
in seperate domains. When DTC would try to connect with DTC on the
remote server, it did so in a secure manner and passed the
machine account. This account did not exist in the domain of the
remote server, which resulted in the failure audits in the security
logs with an HRESULT of 0xC00000064. This error code means no such
user exists. DTC then attempted an unauthenticated connection that was
successful and allowed the application to work.

A Netmon trace should show you this behavior.

Hope this helps.

Steve Antonio, CISSP
Microsoft Exchange Support

>Hello,
>
[quoted text clipped - 22 lines]
>I am investigating the MS articles suggested by "Help and Support Center",
>but none of these seems likely.
Reply to this Message
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2010 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.