Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

KDC Error, Event ID 23

2,962 views
Skip to first unread message

Amazon3d

unread,
Oct 21, 2008, 8:54:19 AM10/21/08
to
I recieved the following Error on my SBS server the other day and have not
seen it before, anyone know what it actually means, Google hasnt reveiled
anything yet.KDC 23 10/20/2008 1:50 PM 1
The KDC received invalid messages of type changepassword.

Lanwench [MVP - Exchange]

unread,
Oct 21, 2008, 9:26:05 AM10/21/08
to

I haven't seen this before, but
http://technet.microsoft.com/en-us/library/cc734007.aspx seems to indicate
that it's nothing to worry about. Are you having any problems outside of the
mysterious event log error?


Miles Li [MSFT]

unread,
Oct 22, 2008, 6:25:10 AM10/22/08
to
Hello,

Thank you for posting here.

According to your description, I understand that:

You have a concern about the KDC Event 23 on the SBS server.

If I have misunderstood the problem, please don't hesitate to let me know.

Suggestions:
===================
Yes, Lanwench is right. This error message can be safely ignored if you do
not experience other related issues.

Additionally, this issue may result from some 3rd party network scanning
tools in the domain. You may perform a network trace on the SBS server if
you want to find out who is sending the request that causes this issue.
Once the Event 23 is recorded on the server, you can stop the capture to
find which computer/device has send the packet with the destination SBS IP
address and port 464 (TCP or UDP). Port 464 is assigned for Kerberos
kpasswd (v5).

For more information you may refer to:

Port Assignments for Commonly-Used Services
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/cnet/cnf
c_por_simw.mspx?mfr=true

Hope it helps. If you have any questions or concerns, please do not
hesitate to let me know.


Best regards,
Miles Li

Microsoft Online Partner Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Amazon3d

unread,
Oct 22, 2008, 11:05:21 AM10/22/08
to
Nope this was just an error I havent seen before and wanted to make sure it
wasn't something adverese.
I was running nmap to scan for issues so that may have triggered it.
Thanks for your replies.
"Amazon3d" <amaz...@yahool.com> wrote in message
news:eCQbjw3M...@TK2MSFTNGP05.phx.gbl...

Miles Li [MSFT]

unread,
Oct 23, 2008, 6:49:42 AM10/23/08
to
Hi,

Thanks for your update.

Please take your time to collect the information from the network trace
log. Do you find the Kerberos
kpasswd packets to SBS server port 464?

Amazon3d

unread,
Nov 4, 2008, 11:06:07 AM11/4/08
to
After reviewing my logs, network packets, IDS, and error logs I believe this
is just part of windows flaws. I can see it obviously did not come from
outside my network so for the moment I wont fret over it.

Miles Li [MSFT]

unread,
Nov 5, 2008, 5:27:43 AM11/5/08
to
Hello,

Thanks for the update.

So the request is generated from the internal network. Have you identified
the source computer that sends out the request? You can safely ignore it if
an internal client computer sends out the invalid request because of the
incorrect setting or something else.

If you have any further questions or concerns, please do not hesitate to
let me know. It is always my pleasure to be of assistance.

0 new messages