Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The session setup from the computer <computername> failed to authenticate. The following error occurred: Access is denied.
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the role of the Netlogon share?
What is a session setup?
This error can occur on read only controllers by user or computer accounts that have not been explicitly allowed to cache their passwords via the PRP (Password Replication Policy) for the read only domain controller. Review EV100385 (Administering the Password Replication Policy) on how to add accounts if necessary. So long as the systems can contact a writeable domain controller, this should not be a serious issue. If, however, the PDC is unavailable, the user or computer may not be able to login. This may be accompanied by 5723 errors as well.
I accessed the domain controller and found that the machine account was disabled, I enabled the account and the problem was solved.
This issue is related to replication. However, even after replicating all the DCs I was facing the same issue. Then I had to:
1) Disjoin the member server from the domain
2) Search & delete the computer account of this member server in all DCs
2) Force replication
3) Joint he member server back to the domain.
In one case, this Event ID appeared for a computer account that had been disabled for some time before it was re-enabled. It had probably become invalid.
In another case, this Event ID appeared for a computer account that had been added to the domain but the domain controllers were restored to an earlier point in time.
In another case, this Event ID appeared on a Windows 2003 SP1 domain controller each time a Windows XP SP2 computer was started. This computer could ping the domain controller but not vice versa.
Resolution: Disable the Windows XP Firewall. Remove and re-join the computer to the domain. Consider deleting the computer object in Active Directory users and computers in-between to delete any sub-components of the computer object.
Peter Van Gils
As per Microsoft: "If you do not find multiple instances of the computer name, verify that replication is functioning for the domain that contains the computer account". Refer to TB727057 (Active Directory Operations Overview) for more details.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated