Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Maintenance: Administration tasks for the maintenance of Active Directory.|
The Security Account Manager failed a KDC request in an unexpected way. The error is in the data field. The account name was <user name> and lookup type <lookup type code>.
0000: <bytes of the error code>
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the role of the KDC?
ME325850 on how to use Netdom.exe to reset machine account passwords of a Windows Server domain controller helped me fix this problem.
The Security Accounts Manager (SAM) database on the Kerberos client (the local list of users) is used to authenticate requests from the Kerberos Key Distribution Center (KDC). The SAM database must be available for the Kerberos client authentication request to succeed.
Reported lookup types:
Reported error codes in the Data portion of the event:
0xc0000034 = OBJECT_NAME_NOT_FOUND
0xc00000e5 = INTERNAL_ERROR
Klaas-Jan van der Borden
Low disk space is another cause of these errors. A customer complained about not being able to log on to the server. When checking the event logs, I found that it was filled with these errors. On further examination, I found that the C: drive had only 60MB free.
You may receive this event on the domain controllers where you install the hotfix provided in ME812499.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated