RE: event 672

• From: "Zoran Marjanovic" <Zoran.Marjanovic@xxxxxxxxxxxxxxxxxxx>
• To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
• Date: Fri, 17 Mar 2006 13:37:55 +0100

http://www.microsoft.com/technet/Security/bestprac/bpent/sec3/monito.msp
x

 

672 - Authentication Ticket Granted

 

It is connected to DC, Kerberos and DNS config. So check your DC's
config and check clients for DNS settings.

 

If you cannot solve the problem, you could increase the number of failed
logon attempts before the account is locked down.

Or remove it, as the guys from MS security team say it is just a nice
tool for DoS attack, not a real security related measure.

 

----------------------------------
Zoran 

________________________________

From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] 
Sent: Friday, March 17, 2006 1:06 PM
To: [ExchangeList]
Subject: [exchangelist] event 672

 

http://www.MSExchange.org/ 

Hi,

 

Any idea about this event? 

 

Source: Security

Type: Failure Audit

Event id 672

Category Account logon 

 

Authentication Ticket Request:

User Name: Chan.ban

Supplied Realm Name: dsltech

User ID: -

Service Name: krbtgt/dsltech

Service ID: -

Ticket Options: 0x40810010

Result Code: 0x12

Ticket Encryption Type: -

Pre-Authentication Type: -

Client Address: 10.10.10.125 (this is my front end IP)

Certificate Issuer Name: 

Certificate Serial Number: 

Certificate Thumbprint: 

 

For more information, see Help and Support Center at 

 

I check on the web site, but no where I can find failure events with
respect to event id 672. 

 

Some users account is getting locked when tried to logon for the first
time in the morning even when tried to logon with correct password.
Account lock policy is set to 3 times, but account gets locked even on
the first try itself. 

 

When I checked on the server for events I found around 12 events like
this. I use windows 2003 sp1 and exchange 2003 sp1

Regards

Praveen R

 

________________________________

Yahoo! Mail
Bring photos to life! New PhotoMail
<http://pa.yahoo.com/*http:/us.rd.yahoo.com/evt=39174/*http:/photomail.m
ail.yahoo.com> makes sharing a breeze.
------------------------------------------------------ List Archives:
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange
Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------ Visit
TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------ You are currently
subscribed to this MSExchange.org Discussion List as:
zoran.marjanovic@xxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to
info@xxxxxxxxxxxxxx

Other related posts:

• » event 672
• » RE: event 672

1. Home
2. exchangelist
3. Archive
4. 03-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---