Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Pre-Authentication Failure events on the Active Directory (AD) server in InterScan Web Security Virtual Appliance (IWSVA)

    • Updated:
    • 6 Oct 2015
    • Product/Version:
    • InterScan Web Security Virtual Appliance 5.6
    • InterScan Web Security Virtual Appliance 6.0
    • InterScan Web Security Virtual Appliance 6.5
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 3 64-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 4 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE version 10
    • Linux - SuSE version 9
Summary

When IWSVA registers to LDAP servers for user/group name authentication, the Active Directory server continuously receives Pre-Authentication Failure events in Security event log.

This issue is related to pre-authentication. This is the pre-authentication process:

  1. IWSVA sends a Kerberos AS-REQ without "padata", which is required by server for pre-authentication.
  2. AD server realizes this user requires "pre-authentication" and finds no "padata" in the request.
  3. AD server returns an error, which is

    KRB5KDC_ERR_PREAUTH_REQUIRED.

  4. IWSVA receives this message and realizes the pre-authentication is required, then it sends AS-REQ again with “padata”, which the AD requires for pre-authentication.
  5. AD server receives this new request and completes the pre-authentication.

For the normal Kerberos authentication process, refer to the following:

Details
Public

Based on an analysis of the process, the AD server will always record an event for pre-authentication required while it is a normal process. You can safely ignore this security event.

However, if you want to disable logging of the pre-authentication events for the admin account that IWSVA uses:

  1. In AD, go to the property of the admin account.
  2. Click the Account tab.
  3. Under Account options section, tick the Do not require Kerberos pre-authentication check box.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1055058
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.