Information: Forum is in read-only mode
For details and other support options see https://www.adiscon.com/news/support-forum-set-to-read-only-mode/

Event ID 676

Discuss Windows Event Log events. What they mean, what they tell you about your machine's security ... and whatever questions else you have.

Moderator: alorbach

Google Ads


Event ID 676

Postby GSEC » Mon Jan 30, 2006 5:06 pm

Good morning/afternoon everyone,

Recently the company I work for has gone through SOX compliance. With this, the Security team has been tasked with the repsonsibility of aggregating, normalizing, reviewing and monitoring all events that occur on our network. In turn, I have been tasked with daily log review. Currently I am seeing an inordinate amount of 676 authentication ticket request failures from a number of nodes. The error codes vary from 0x6 (most prevalent) to 0x17 (second) to 0x12. I understand the distinction between the 3 however I just want to eliminate the possibility of these being a security "threat" or merely noise on our network generated in lieu of failed replication between DC's or failed time synchronization. I would also like to know if an event ID 676 that generates a kerberos error code of 0x6 would still be generated if the user is trying to authenticate locally and not across the domain (meaning to DC further away geographically). Could a problem with time synchronization/replication between DC's geographically separated still cause a 676 (error code 0x6) event to occur? I am having a hard time buying into the fact that these events could be generated when the client workstations are attempting authentication to the nearest DC. I could be wrong, but I would like to know for sure.


Thank You all, in advance for your assistance. I sincerely appreciate it :D
GSEC
New
 
Posts: 1
Joined: Mon Jan 30, 2006 4:49 pm
Location: Florida

Google Ads


Return to Windows Events

Who is online

Users browsing this forum: No registered users and 0 guests

cron