sirclesadmin
4 years ago
What is this error? We have no trusts in our domain and so this is a mystery...

Log Name: System
Source: Microsoft-Windows-Security-Kerberos
Date: 15/04/2020 03:37:44
Event ID: 7
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: %computername%.domain.local
Description:
The digitally signed Privilege Attribute Certificate (PAC) that contains the authorization information for client %computername% in realm domain.local could not be validated.

This error is usually caused by domain trust failures; Contact your system administrator.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
<EventID Qualifiers="49152">7</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-04-15T02:37:44.660721900Z" />
<EventRecordID>1563785</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>System</Channel>
<Computer>%computername%.domain.local</Computer>
<Security />
</System>
<EventData>
<Data Name="ClientName">%computername%$</Data>
<Data Name="Realm">domain.local</Data>
<Binary>5E0000C0</Binary>
</EventData>
</Event>

Sponsor

Want to thank us? Use: Patreon or PayPal or Bitcoins: bc1q4whppe29dw77rm4kv4pln0gqae4yjnxly0dny0hky6yhnafukzjsyrsqhk

All opinions expressed within these pages are sent in by members of the public or by our staff in their spare time, and as such do not represent any opinion held by sircles.net Ltd or their partners.


Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member
4 years ago
If you have no trusts in your organisations, then you should not see this. Check the domain DCs that a trust has not been left after disconnecting from another domain and that none of the PC users are still logging into a cached domain user from a disconnected domain.

It could also be an external user connecting to your LAN instead of your public WiFi maybe..
Lemonde
  • Lemonde
  • 100% (Exalted)
  • Advanced Member
4 years ago
Is it alongside an event 5719?

If so it is probably a sign that the domain controllers were unavailable or restarting or similar, and the server couldn't find the domain the PC was addressing.

Log Name: System
Source: NETLOGON
Date: 10/12/2020 04:35:12
Event ID: 5719
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: EX1.smithfield.local
Description:
This computer was not able to set up a secure session with a domain controller in domain smithFIELD due to the following:
There are currently no logon servers available to service the logon request.
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5719</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2020-12-10T04:35:12.000000000Z" />
<EventRecordID>665780</EventRecordID>
<Channel>System</Channel>
<Computer>smith-EX1.smithfield.local</Computer>
<Security />
</System>
<EventData>
<Data>smithFIELD</Data>
<Data>%%1311</Data>
<Binary>5E0000C0</Binary>
</EventData>
</Event>