4776 Audit Failure Appearing in Child domain... Expand / Collapse
Author
Message
Posted 11/13/2015 3:30:48 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/13/2015 3:03:34 PM
Posts: 1, Visits: 0
Hello all,

Here's my AD setup:

parentdomain.com
child1.parentdomain.com
child2.parentdomain.com

I have a proxy server using the account proxylookup@parentdomain.com to verify AD accounts for the parent and child domains and take proper actions based on AD group membership, etc. The proxy server is hard configured to point only to the DCs in parentdomain.com.

However, in all the child1.parentdomain.com DC security logs, I receive an Audit Failure Event ID 4776 with the following error message thousands of times:

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: proxylookup@parentdomain.com
Source Workstation: PROXYSRV
Error Code: 0xc0000064

I think the error is telling me that proxylookup@parentdomain.com does not exist in child1.parentdomain.com? Are the parentdomain.com DCs passing lookup requests to the child1.parentdomain.com DCs and these are failing? Is this normal?

I'm having trouble understanding what's happening. If anyone could shed some light, it would be greatly appreciated.

Thanks!
Post #5150
Posted 12/3/2015 8:10:31 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 237, Visits: 0
Based upon this event it looks like proxysrv is trying to authenticate to child1.parentdomain.com using NTLM and the name does not exist. Could there be a mis configuration with the proxy server?
Post #5151
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 6:16am