"jhmphl" wrote:

> We have a server running IIS 6.0/ Solomon Business Portal/ Windows Server 2003.
> A particular domain user receives a prompt for username and password when
> entering an intranet site from her PC. User enters credentials, but username
> and password are rejected.
>
> User tries this from another PC, and is not prompted for credentials. Other
> users are able to log on to this users PC (Windows XP SP 2) and enter the
> intranet site without being prompted for credentials.
>
> From the security log in the IIS server:
>
> 08/25/2005 12:11:40 PM Security Failure Audit Logon/Logoff 537 NT
> AUTHORITY\SYSTEM VIKING "Logon Failure:
> Reason: An error occurred during logon
> User Name:
> Domain:
> Logon Type: 3
> Logon Process: Authz
> Authentication Package: Kerberos
> Workstation Name: VIKING
> Status code: 0xC000040A
> Substatus code: 0x0
> Caller User Name: VIKING$
> Caller Domain: TCD1
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 1576
> Transited Services: -
> Source Network Address: -
> Source Port:
>
> I have also enabled kerberos logging, but am unable to make sense of these
> entries in lsass.log:
>
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24441cf9, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24481e9b, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244b9f21, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244d0ed1, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x244f4291, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x24530b10, accepting 0:0x3e7
> 1080.1220> Kerb-LSess: KerbCreateLogonSessionFromTicket NOT creating ASC
> logon session for 0:0x2456ba2f, accepting 0:0x3e7
> 1080.1220> Kerb-Trace: KerbCreateTokenFromTicket for
>
> Any help would be greatly appreciated.
>
>