windows-server-2008 – System account logon fails every 30 seconds

Published: 2020-12-13 23:33:54  Category: Windows  Source: compiled from the web
We have two Windows 2008 R2 SP1 servers running in a SQL failover cluster. On one of them we get the following event in the Security log every 30 seconds. The blank parts really are blank. Has anyone seen a similar problem, or can help track down the cause of these events? No other event log shows anything related, as far as I can tell.
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/17/2012 10:02:04 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      SERVERNAME.domainname.local
Description:
An account failed to log on.

Subject:
    Security ID:       SYSTEM
    Account Name:      SERVERNAME$
    Account Domain:    DOMAINNAME
    Logon ID:          0x3e7

Logon Type:            3

Account For Which Logon Failed:
    Security ID:       NULL SID
    Account Name:
    Account Domain:

Failure Information:
    Failure Reason:    Unknown user name or bad password.
    Status:            0xc000006d
    Sub Status:        0xc0000064

Process Information:
    Caller Process ID:   0x238
    Caller Process Name: C:\Windows\System32\lsass.exe

Network Information:
    Workstation Name:       SERVERNAME
    Source Network Address: -
    Source Port:            -

Detailed Authentication Information:
    Logon Process:             Schannel
    Authentication Package:    Kerberos
    Transited Services:        -
    Package Name (NTLM only):  -
    Key Length:                0

A second event follows each of the events above:

Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/17/2012 10:02:04 PM
Event ID:      4625
Task Category: Logon
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      SERVERNAME.domainname.local
Description:
An account failed to log on.

Subject:
    Security ID:       NULL SID
    Account Name:      -
    Account Domain:    -
    Logon ID:          0x0

Logon Type:            3

Account For Which Logon Failed:
    Security ID:       NULL SID
    Account Name:
    Account Domain:

Failure Information:
    Failure Reason:    An Error occured during Logon.
    Status:            0xc000006d
    Sub Status:        0x80090325

Process Information:
    Caller Process ID:   0x0
    Caller Process Name: -

Network Information:
    Workstation Name:       -
    Source Network Address: -
    Source Port:            -

Detailed Authentication Information:
    Logon Process:             Schannel
    Authentication Package:    Microsoft Unified Security Protocol Provider
    Transited Services:        -
    Package Name (NTLM only):  -
    Key Length:                0

Edit/update: I have more information to add. I installed Network Monitor on this machine with a filter for Kerberos traffic, and found the following, which lines up with the timestamps in the Security audit log.

Kerberos AS_Request Cname:CN = SQLInstanceName Realm:domain.local Sname krbtgt / domain.local

Reply from the DC: KRB_ERROR: KDC_ERR_C_PRINCIPAL_UNKNOWN

I then checked the Security audit log on the DC that responded and found the following:

A Kerberos authentication ticket (TGT) was requested.

Account Information:
    Account Name:          X509N:<S>CN=SQLInstanceName
    Supplied Realm Name:   domain.local
    User ID:               NULL SID

Service Information:
    Service Name:      krbtgt/domain.local
    Service ID:        NULL SID

Network Information:
    Client Address:    ::ffff:10.240.42.101
    Client Port:       58207

Additional Information:
    Ticket Options:            0x40810010
    Result Code:               0x6
    Ticket Encryption Type:    0xffffffff
    Pre-Authentication Type:   -

Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:

So it seems to be related to a certificate installed on the SQL machine, but I still have no clue why, or what is wrong with said certificate. It is not expired, etc.

I used Microsoft Network Monitor to find the traffic causing this and found traffic between this SQL server and our AD2 server. The SQL server is sending a Kerberos AS_REQ for a computer account named after the SQL instance. The AD server responds with KDC_ERR_C_PRINCIPAL_UNKNOWN. I looked at the Security log on the AD2 server and found failure audits like the following:
A Kerberos authentication ticket (TGT) was requested.

Account Information:
    Account Name:          X509N:<S>CN=SQLInstanceName
    Supplied Realm Name:   domain.local
    User ID:               NULL SID

Service Information:
    Service Name:      krbtgt/domain.local
    Service ID:        NULL SID

This looks like some kind of certificate request. I then used Sysinternals Process Monitor and found activity from a custom service with the same timestamps. It was querying all the certificate stores and not finding anything.

Disabling this service stopped the security events.
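The triage the answer describes (confirm the 30-second cadence, see which sub-status and authentication package the Schannel failures carry, and get the caller PID to feed into Process Monitor) can be done from the Security log on the affected node. The following PowerShell is an added example, not code from the original post; the lookback window `$Hours` and the Schannel filter are assumptions for this example.

```powershell
# Added example: summarise Event ID 4625 failures whose Logon Process is Schannel,
# report the inter-event gaps (a tight cluster around ~30 s points at a scheduled
# caller rather than a user or a remote brute force) and group them by sub-status.
# Run in an elevated PowerShell on the node that logs the events.
$Hours = 1   # assumption: how far back to look
$since = (Get-Date).AddHours(-$Hours)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

# 4625 carries its fields as named EventData entries; read them from the XML view.
$rows = foreach ($e in $events) {
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    if ($d['LogonProcessName'] -ne 'Schannel') { continue }   # assumption: Schannel only
    [pscustomobject]@{
        Time        = $e.TimeCreated
        SubjectUser = $d['SubjectUserName']
        LogonType   = $d['LogonType']
        Status      = $d['Status']
        SubStatus   = $d['SubStatus']
        AuthPackage = $d['AuthenticationPackageName']
        CallerPid   = $d['ProcessId']        # 0x238 = lsass.exe in the post
        CallerImage = $d['ProcessName']
    }
}
$rows = @($rows | Sort-Object Time)

# Inter-arrival gaps in whole seconds, most common first.
$gaps = for ($i = 1; $i -lt $rows.Count; $i++) {
    [math]::Round(($rows[$i].Time - $rows[$i - 1].Time).TotalSeconds)
}
"Most common gaps (seconds) between Schannel 4625 events:"
$gaps | Group-Object | Sort-Object Count -Descending |
    Select-Object -First 5 @{n = 'GapSeconds'; e = { $_.Name } }, Count

# Breakdown by status / sub-status / package. In the post: 0xc0000064 is
# STATUS_NO_SUCH_USER (the KDC knows no principal for the X509 name) and
# 0x80090325 is SEC_E_UNTRUSTED_ROOT (certificate chain not trusted).
"Breakdown by status, sub-status and authentication package:"
$rows | Group-Object Status, SubStatus, AuthPackage |
    Select-Object Count, Name, @{n = 'CallerPid'; e = { $_.Group[0].CallerPid } }
```

Because the caller PID in the first event is lsass.exe (the service goes through Schannel inside LSA), the PID alone does not name the culprit; use the cadence from the gap table to line the events up with Process Monitor output, as the answer did. On the DC side the matching records are the Event ID 4768 entries with Result Code 0x6 shown above.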
