VMware Cloud Community
vmrulz
Hot Shot
Hot Shot

ESX301 - AD pre-authentication event 675 errors on our DC's

Greetings,

We've had AD authentication working on our fleet of 40 ESX 301 servers since inception. We setup our auth via esxcfg-auth per standard guidelines

esxcfg-auth --enablead --addomain domain.com --addc dc.domain.com

Our security folks are seeing hundreds of event id 675 errors on the domain controllers related to the logons to our ESX boxes. We have monitoring tools that logon to each ESX box every few minutes thus the reason for the high numbers.

This is the error on the ESX side

sshd(pam_unix)[8749]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=windowsADserver user=monitoringuser

Error on the windows side:

2008-05-01 11:36:29

DC

Security

Account Logon

675

NT AUTHORITY\SYSTEM

Pre-authentication failed: User Name: user User ID: domainuser Service Name: krbtgt/domain Pre-Authentication Type: 0x0 Failure Code: 0x19 Client Address: clientIP

Security

Here are the kerberos modules we have loaded:

krbafs-1.1.1-11

pam_krb5-1.77-1

krb5-libs-1.2.7-66

Has anyone had to deal with these from the ESX side? I realize we can turn kerberos pre-authentication off in AD per user, but the security spooks don't like that.

I opened a minor ticket with VMware to parallel this thread.

Thanks






Mother's don't let your children do production support for a living!

Reply
0 Kudos
0 Replies