2 Replies Latest reply: Jun 12, 2013 5:00 PM by garrett88
Christopher Mills2 Level 1 (10 points)
I've had some Windows admins moaning at me because the Macs are generating a huge amount of network traffic at one of my sites. 16,000 entries in two days, to be precise!

It doesn't appear to make a difference if the users are logged in or not; these errors appear in the Security Log in AD:


Type: Failure Aud
Category: Account Logon
Event ID: 675
User: NT AUTHORITY/SYSTEM

Description

pre-authentication failed:
User Name: f-mac-011$
User ID: FLINDO\f-mac-011$
Service Name: krbtgt/FLINDO.INTERNAL
Pre-Auth Type: 0x2
Failure Code: 0x18
Client Address: 10.134.48.7


There is nothing abnormal about the way the Macs are functioning, aside from a few ups/down in the logs for the ethernet port. I have established that the account originally used for binding to AD has been disabled. Could this be the source of the problem? It's awkward to try and diagnose with no access to the Win Server and admins who automatically throw the blame at the Macs :/

Mac OS X (10.6.4)
  • Christopher Mills2 Level 1 (10 points)
    Just to follow this up:

    I found that the admin account which was originally used to bind the Macs to AD had been removed. To fix I had to un-bind all 53 Macs, remove krb5.keytab then re-bind them all to the domain with new computer names. I also had to get the Windows admins to remove residual DNS records from their DC.

    Ah, the joys of the education market...
  • garrett88 Level 1 (0 points)

    Quick way for the Windows admins to fix the Mac AD accounts in Powershell

     

     

    $computer = get-adcomputer "maccomputername"

    set-adobject $computer.distinguishedname -replace @{UserAccountControl=4198400}

     

    Basically it sets the flag DONT_REQUIRE_PREAUTH for the computer account.

    Accounts default to 0x1000 (4096), but the above changes it to 0x401000 (4198400)

     

    See this for more info...

    http://support.microsoft.com/kb/305144?wa=wsignin1.0