我们有一台 Windows 2012 R2 RDS 服务器和一台 Windows 2008 R2 域控制器。
每次用户登录或退出 RDS 服务器时,都会记录事件 4771 审核失败,即 DC 上 RDS 服务器的机器帐户的用户名或密码不正确。RDS 服务器运行正常,只是导致审核用户帐户失败的问题。
Kerberos pre-authentication failed.
Account Information:
Security ID: DOMAIN\RDS$
Account Name: RDS$
Service Information:
Service Name: krbtgt/DOMAIN
Network Information:
Client Address: ::ffff:10.0.0.10
Client Port: 53391
Additional Information:
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2
我如何确定记录事件的原因?
更新:仅当我通过 RDP 连接到服务器时才会发生这种情况,本地登录不会导致记录此事件。
在 RDS 服务器上,RDP 登录后,以下事件被记录 8 次,
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: RDS
Account Domain: DOMAIN
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: RDS
Source Network Address: ::1
Source Port: 63089
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0