Click an Ad

If you find this blog helpful, please support me by clicking an ad!

Thursday, February 13, 2014

Sharepoint 2013 filling up my Domain Controller's Security Logs

I just bought and implemented Solarwinds' Syslog server. Good stuff. Now I just need to find the time to look at them! :P

In the process of looking through my domain controllers' security logs (just the failure audits) I was inundated with failures from my Sharepoint server. It made the rest of the logs unreadable, so my goal was set: I needed to fix the Sharepoint server and make it stop doing this!

Here's what the errors look like:

2014-01-22 14:46:13 Kernel.Critical dc02.contoso.com Jan 22 14:46:13 dc02.contoso.com MSWinEventLog 2 Security 12451 Wed Jan 22 14:46:13 2014 4769 Microsoft-Windows-Security-Auditing N/A Audit Failure dc02.contoso.com 14337 A Kerberos service ticket was requested.


Account Information: 
Account Name: spservice@contoso.com 
Account Domain: contoso.com 
Logon GUID: {00000000-0000-0000-0000-000000000000} 

Service Information: 
Service Name: spservice 
Service ID: S-1-0-0 

Network Information: 
Client Address: ::ffff:192.168.1.53 
Client Port: 57013 

Additional Information: 
Ticket Options: 0x40810000 
Ticket Encryption Type: 0xffffffff 
Failure Code: 0x1b 
Transited Services: -

It's happening on multiple "client ports":

56591

56594

56605

56607

56624

56643

etc.

Thankfully, I was able to track down a guide on configuring Sharepoint kerberos authentication. No, my logs are cleared up and I can see the data that I care about!

No comments:

Post a Comment