Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 6037 Source: LsaSrv

Source
Level
Description
The program svchost.exe with the assigned process ID 708 could not authenticate locally by using the target name RestrictedKrbHost/OCSPoolName.domain.name. The target name used is not valid. A target name should refer to one of the local computer names for example the DNS host name.

Try a different target name.
Comments
 
Click Start, click Run, type regedit, and then click OK. In Registry Editor, locate and then click the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0

Right-click MSV1_0, point to New, and then click Multi-String Value.
Type BackConnectionHostNames, and then press ENTER.
Right-click BackConnectionHostNames, and then click Modify.
In the Value data box, type the URL mentioned in the above warning event, and then click OK.
Quit Registry Editor, and then reboot.
From a support forum: This settings should fix it:

HKLM\system\CurrentControlSet\Services\Lanmanserver\parameters
DisableStrictNameChecking:DWORD=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
DisableLoopbackCheck:DWORD=1

The server must be restarted for the settings to take effect. See ME896861 for details about these registry settings.
If you installed a Office communication Server 2007 R2 Front-End server and see this event then when your Server gets refered with your OCS Pool name and this SPN is not assigned to this server we get above mentioned event from LsaSrv. To resolve this we simply need to add one spn for your Front-end server as following and you should be good.

setspn -a RestrictedKrbHost/<FQDN_OCS_Pool_Name> <Front_End_Server>

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...