Event ID 7 in Windows 2000 Server Event-Log


Holderfield, Jason

Jun 20, 2003, 10:07:21 AM
I have received the error below on one of my domain controllers. Wondering
if any resolution has been found. Microsoft has no information:

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 6/18/2003
Time: 4:53:25 PM
User: N/A
Computer:
Description:
The Security Account Manager failed a KDC request in an unexpected way. The
error is in the data field. The account name was ⭄竇䓹粥琞敗ِߕ崨ߕ��⤀ and
lookup type 0x100.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: c0000034


Any suggestions/ideas?
Thank you,
jholde...@rita.to


Karl Pitrich

Jun 20, 2003, 10:26:04 AM
to kerb...@mit.edu
On Fri, 2003-06-20 at 15:39, Holderfield, Jason wrote:
> I have received the error below on one of my domain controllers. Wondering
> if any resolution has been found. Microsoft has no information:
>
> Event Type: Error
> Event Source: KDC
> Event Category: None
> Event ID: 7
> Date: 6/18/2003
> Time: 4:53:25 PM
> User: N/A
> Computer:
> Description:
> The Security Account Manager failed a KDC request in an unexpected way. The
> error is in the data field. The account name was ⭄竇䓹粥琞敗ِߕ崨ߕ
> lookup type 0x100.

I had this error too some weeks ago...

I _think_ this is a locked out domain user trying to log in and the KDC refuses initial credentials.

Another possibility is that someone tries principal user@FOO where the Windows 2000 domain
is FOO.COMPANY.COM and the client kinit program cannot set bit 15 (IIRC) to canonicalize the
realm name.

/ karl


Mel Riser

Jun 20, 2003, 1:39:23 PM
I am seeing this error on WIN2K KDC in my lab.

I traced the IPs back to a hacker group in Taiwan and they are trying a buffer overflow to change usernames and break in.

If anyone gets a better idea of the process and function call they are making, please forward to the list.

My IDS is triggering on the error as well.

My solution for now is to block that IP range at the screening router on the edge.

Hope to grep the logs this weekend and try and correlate the events in IDS to the Win2k error log.


mel

-----Original Message-----
From: Holderfield, Jason [mailto:jholde...@ritaohio.com]
Sent: Friday, June 20, 2003 8:40 AM
To: 'kerb...@mit.edu'
Subject: Event ID 7 in Windows 2000 Server Event-Log


I have received the error below on one of my domain controllers. Wondering
if any resolution has been found. Microsoft has no information:

Event Type: Error
Event Source: KDC
Event Category: None
Event ID: 7
Date: 6/18/2003
Time: 4:53:25 PM
User: N/A
Computer:
Description:
The Security Account Manager failed a KDC request in an unexpected way. The

Sam Hartman

Jun 20, 2003, 3:34:23 PM
to kerb...@mit.edu
>>>>> "Mel" == Mel Riser <mel....@fxfn.com> writes:

Mel> I am seeing this error on WIN2K KDC in my lab. I traced the
Mel> IP's back to a hacker group in Taiwan and they are trying a
Mel> buffer overflow to change usernames and break in.


If you can get a packet capture of this request it would be
interesting.
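
Added example, not part of any post in this thread: a Python sketch of the log correlation discussed above. It parses an event in the exported text layout posted here, decodes the NTSTATUS value in the data field (0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND), flags a non-printable account name, and lists IDS alerts near the event time. The alert tuple format, the sample account name, the addresses and the two-minute window are assumptions, and both logs are assumed to use the same clock and time zone.

```python
import re
from datetime import datetime, timedelta

# A few NTSTATUS codes from ntstatus.h; extend as needed.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC0000072: "STATUS_ACCOUNT_DISABLED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Constructed sample in the layout posted in the thread (account name is made up).
SAMPLE_EVENT = """Event Type: Error
Event Source: KDC
Event ID: 7
Date: 6/18/2003
Time: 4:53:25 PM
Description:
The Security Account Manager failed a KDC request in an unexpected way. The
error is in the data field. The account name was \u2b44\u7ac7\u44f9 and
lookup type 0x100.
Data:
0000: c0000034
"""

# Constructed IDS alerts: (time, source IP from documentation ranges, signature).
SAMPLE_ALERTS = [
    (datetime(2003, 6, 18, 16, 52, 50), "203.0.113.7", "constructed: malformed Kerberos request"),
    (datetime(2003, 6, 18, 9, 0, 0), "192.0.2.10", "constructed: port scan"),
]

def parse_event(text):
    """Extract the fields needed for triage from one exported event."""
    f = dict(re.findall(r"^(Event Source|Event ID|Date|Time):[ \t]*(.*)$", text, re.M))
    name, lookup = re.search(
        r"account name was (.*?) and\s+lookup type (0x[0-9A-Fa-f]+)", text, re.S).groups()
    # Assumes the data field is shown as a 32-bit word, as in the posted event.
    status = int(re.search(r"^0000:\s*([0-9A-Fa-f]{8})", text, re.M).group(1), 16)
    when = datetime.strptime(f"{f['Date'].strip()} {f['Time'].strip()}", "%m/%d/%Y %I:%M:%S %p")
    return {
        "source": f["Event Source"].strip(), "event_id": int(f["Event ID"]),
        "when": when, "account": name, "lookup_type": int(lookup, 16),
        "status": status, "status_name": NTSTATUS.get(status, "unknown"),
        # A name with anything outside printable ASCII is worth a closer look.
        "garbled_name": not all(32 <= ord(c) < 127 for c in name),
    }

def correlate(event, alerts, window=timedelta(minutes=2)):
    """Return IDS alerts whose timestamp falls within +/- window of the event."""
    return [a for a in alerts if abs(a[0] - event["when"]) <= window]
```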