Skip navigation

Macs generating thousands of pre-auth failures a day  in AD Security Log

1586 Views 2 Replies Latest reply: Jun 12, 2013 5:00 PM by garrett88 RSS
Christopher Mills2 Calculating status...
Currently Being Moderated
Feb 21, 2011 8:20 AM
I've had some Windows admins moaning at me because the Macs are generating a huge amount of network traffic at one of my sites. 16,000 entries in two days, to be precise!

It doesn't appear to make a difference if the users are logged in or not; these errors appear in the Security Log in AD:


Type: Failure Aud
Category: Account Logon
Event ID: 675
User: NT AUTHORITY/SYSTEM

Description

pre-authentication failed:
User Name: f-mac-011$
User ID: FLINDO\f-mac-011$
Service Name: krbtgt/FLINDO.INTERNAL
Pre-Auth Type: 0x2
Failure Code: 0x18
Client Address: 10.134.48.7


There is nothing abnormal about the way the Macs are functioning, aside from a few ups/down in the logs for the ethernet port. I have established that the account originally used for binding to AD has been disabled. Could this be the source of the problem? It's awkward to try and diagnose with no access to the Win Server and admins who automatically throw the blame at the Macs :/
Mac OS X (10.6.4)

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.