Microsoft KB Archive/318922

= Event 537 Is Listed in the Security Event Log =

Article ID: 318922

Article Last Modified on 2/22/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q318922



SYMPTOMS
If failure auditing is enabled on a Windows 2000-based domain controller, the following event may be listed in the Security event log:

Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 537

Date: 2/27/2002

Time: 10:10:47 AM

User: NT AUTHORITY\SYSTEM

Computer: ROOTDC

Description:

Logon Failure:

Reason: An unexpected error occurred during logon

User Name:

Domain:

Logon Type: 3

Logon Process: Kerberos

Authentication Package: Kerberos

Workstation Name: -



CAUSE
This event may occur if the following conditions exist:
 * You have a Windows 2000-based domain that hosts user accounts.
 * You have a trusting Microsoft Windows NT 4.0-based domain that hosts machine accounts.
 * Windows 2000-based computers are member of the Windows NT 4.0-based domain.
 * Users of the trusted Windows 2000-based domain log on to Windows 2000-based computers in the Windows NT 4.0-based domain.
 * When a user logs on to a Windows 2000-based computer, the computer's time is not synchronized with the time on the Windows 2000-based domain controller in the Windows 2000-based domain that validates the user.

Because the Windows 2000-based computer tries to use Kerberos authentication before using NTLM authentication, the computer tries to contact the Windows 2000-based domain controller by using Kerberos. If the time differs by more than the allowed maximum (by default, five minutes), event 537 is logged on the Windows 2000-based domain controller.



RESOLUTION
To prevent these events, configure the Windows 2000-based computers in the Windows NT 4.0-based domain to synchronize the time with the Windows 2000-based domain.



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

Keywords: kberrmsg kbprb KB318922

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.