Event ID 676 flood

[AnotherITguy]

Hello,

Just a few days ago one of our domain controllers started generating hundreds of 676 errors in the Security log:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 676
Date: 2/16/2006
Time: 10:55:15 AM
User: NT AUTHORITY\SYSTEM
Computer: Server1
Description:
Authentication Ticket Request Failed:
User Name: server1$
Supplied Realm Name: Domain1.LOCAL
Service Name: krbtgt/Domain1.LOCAL
Ticket Options: 0x40810010
Failure Code: 0x6
Client Address: 127.0.0.1

I understand that it's a Kerberos error, but the client address is the loopback. What is going on here? Please help!!!

Thanks,

Jay

 

[AnotherITguy]

OK, here's an update:

I found a potential fix so I created the three environmental variables (%SYSVOL%, %DSDIT%, and %DSLOG%) and rebooted the PC and now the 1202 errors are still occuring, but with a different warning code:

"Security policies are propagated with warning. 0x534"

After running the following line at the command prompt:
"FIND /I "Cannot find" %SYSTEMROOT \Security\Logs\winlogon.log"

I get this: "Cannot find Power Users.
Cannot find Power Users.
Cannot find Power Users."

Next I ran this: "FIND /I "Power Users" %SYSTEMROOT%\Security\templates\policies\gpt*.*"

Got this in return: "---------- C:\WINNT\SECURITY\TEMPLATES\POLICIES\GPT00000.INF
SceInfPowerUsers = Power Users"

Finally I ran: "FIND /I "[Mapping]" %SYSTEMROOT%\Security\Logs\winlogon.log"

And this was the output: "---------- C:\WINNT\SECURITY\LOGS\WINLOGON.LOG
[Mapping] gpt00000.inf = Default Domain Controllers Policy
[Mapping] gpt00000.inf = Default Domain Controllers Policy"

OK, so for some reason the DC can't find the Power User's group which is apparently listed in the Default Domain Controllers Policy, BUT, first of all why is this a problem, secondly -why don't the other DCs have this issue?

Sorry for the length but I wanted to provide as much info as possible. Any help someone could offer would be much appreciated!

Thanks,

Jay