Event ID: 2
IAS Warning With Reason-Code = 16
If all of the sudden you encounter that your client machine certificate authentication through IAS is no longer working with the following error. You might want to take a look of your Windows 2008 domain controller that have enable DNS services.
Error Code
| Event Type: Warning Event Source: IAS Event Category: None Event ID: 2 Date: 7/14/2009 Time: 9:00:28 AM User: N/A Computer: SERVER01 Description: User host/windowsXP.x-security.net was denied access. Fully-Qualified-User-Name = x-security\windowsXP$ NAS-IP-Address = 192.169.1.66 NAS-Identifier = Called-Station-Identifier = 00-12-CB-34-38-23 Calling-Station-Identifier = 00-33-56-3D-43-32 Client-Friendly-Name = Level1-SW01 Client-IP-Address = 192.168.1.66 NAS-Port-Type = Ethernet NAS-Port = 50004 Proxy-Policy-Name = Use windows authentication for all users Authentication-Provider = Windows Authentication-Server = Policy-Name = Policy_VLAN1 Authentication-Type = EAP EAP-Type = Smart Card or other certificate Reason-Code = 16 Reason = Authentication was not successful because an unknown user name or incorrect password was used. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Data: 0000: 0b 03 09 80 ...€ |
The following error suddenly appear spamming the event log at one of the domain controller which is also holding the role of PDC emulator.
Error Code
| Log Name: System Source: NETLOGON Date: 7/14/2009 8:20:41 AM Event ID: 5775 Task Category: None Level: Error Keywords: Classic User: N/A Computer: win2008DC1.x-security.net Description: The dynamic deletion of the DNS record '_ldap._tcp.sitename10._sites.DomainDnsZones.x-security.net. 600 IN SRV 0 100 389 win2008DC1.x-security.net.' failed on the following DNS server: DNS server IP address: 192.168.1.60 Returned Response Code (RCODE): 5 Returned Status Code: 10055 USER ACTION To prevent remote computers from connecting unnecessarily to the domain controller, delete the record manually or troubleshoot the failure to dynamically delete the record. To learn more about debugging DNS, see Help and Support Center. ADDITIONAL DATA Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full. Event Xml: _ldap._tcp.sitename10._sites.DomainDnsZones.x-security.net. 600 IN SRV 0 100 389 win2008DC1.x-security.net. %%10055 192.168.1.60 5 10055 |
Possible Resolutions
| The problem was resolve with this http://support.microsoft.com/default.aspx/kb/961775 hotfix for Event ID: 5775 appearing on the domain controller. Restart is require after applying the hotfix. SCOM agent could be one of the possible reason that cause this behaviour. |
0 comments:
Post a Comment