Internet Information Services (IIS), recently started giving me some grief for a particular farm I manage. Several days ago, users started reporting they were unable to login to the SharePoint environment and the crawler started showing access denied errors as well when attempting full and incremental crawls.
A quick interogation of the server security event logs revealed a large number of 537 events (Failure Audit) with what can only be described as gibberish (garbled characters) for the Logon Process. For example:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: Date
Time: Time
User: NT AUTHORITY\SYSTEM
Computer: Computer_Name
Description: Logon Failure:
Reason: An error occurred during logon
User Name: User_Name
Domain: Domain_Name
Logon Type: 3
Logon Process: Ðùº
Authentication Package: NTLM
Workstation Name: Computer_Name
Status code: 0xC000006D
Substatus code: 0×0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP_Address
Source Port: Port_Number
As luck would have it, Microsoft has a KB article detailing this exact behavior (KB896861). The farm was indeed running Windows Server 2003 Service Pack 1. A quick trip to the registry did solve the issue. At this point it was determined that we should upgrade to Service Pack 2 as support will be ending for Service Pack 1 in 2009.
The strange thing is that we had not recently applied any updates to the servers (although we had recently updated the Alternate Access Mappings (AAMs) for the farm.
0 Comments.