Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Thursday, February 13, 2014

Sharepoint 2013 filling up my Domain Controller's Security Logs

I just bought and implemented Solarwinds' Syslog server. Good stuff. Now I just need to find the time to look at them! :P

In the process of looking through my domain controllers' security logs (just the failure audits) I was inundated with failures from my Sharepoint server. It made the rest of the logs unreadable, so my goal was set: I needed to fix the Sharepoint server and make it stop doing this!

Here's what the errors look like:

2014-01-22 14:46:13 Kernel.Critical Jan 22 14:46:13 MSWinEventLog 2 Security 12451 Wed Jan 22 14:46:13 2014 4769 Microsoft-Windows-Security-Auditing N/A Audit Failure 14337 A Kerberos service ticket was requested.

Account Information: 
Account Name: 
Account Domain: 
Logon GUID: {00000000-0000-0000-0000-000000000000} 

Service Information: 
Service Name: spservice 
Service ID: S-1-0-0 

Network Information: 
Client Address: ::ffff: 
Client Port: 57013 

Additional Information: 
Ticket Options: 0x40810000 
Ticket Encryption Type: 0xffffffff 
Failure Code: 0x1b 
Transited Services: -

It's happening on multiple "client ports":








Thankfully, I was able to track down a guide on configuring Sharepoint kerberos authentication. No, my logs are cleared up and I can see the data that I care about!

1 comment:

  1. Nice Post.Thanks for giving very helpful information about Escort securities and their roles and responsibilities towards security logs .For more information Visit
    Event Security Services