Kerberos problem with AD?

[MSAlways]

Hello,

When I looked at the 2003 Server's Security Event Log, I saw loads of Event IDs 529 and 680, and the occasional 560. All of these are happening at times when the server is supposed to be inactive (ie early morning hours when I don't expect anyone to be accessing the server).

After some searching on the Internet, looks like they were related to a previous Windows bug which should have been fixed with the latest updates we've applied already. However, it's still showing up and I'm not quite sure what to make out of it...... Any ideas?

This apparently is causing some Kerberos authentication issues with my SQL Server Reporting Services website running on the server, resulting in either slow authentication or failure to authenticate. Previously this has been worked around by forcing the server to only work with NTLM. When we reverted it back to the default setting (ie to use Kerberos first if available), it worked fine for about a week or so until now. If anyone has any ideas, can you please shed some light? Thanks.

Event ID 680

Event Type: Failure Audit

Event Source: Security

Event Category: Account Logon

Event ID: 680

Date: 3/27/2009

Time: 10:32:40 AM

User: NT AUTHORITY\SYSTEM

Computer: host00032

Description:

Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account: ###ISS###

Source Workstation: GVMHKHKGR4SC01

Error Code: 0xC0000064

Event ID 529

Event Type: Failure Audit

Event Source: Security

Event Category: Logon/Logoff

Event ID: 529

Date: 3/27/2009

Time: 10:32:40 AM

User: NT AUTHORITY\SYSTEM

Computer: host00032

Description:

Logon Failure:

Reason: Unknown user name or bad password

User Name: ###ISS###

Domain: ##ISS##

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name: GVMHKHKGR4SC01

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: 172.28.167.32

Source Port: 0

Event ID 560

Event Type: Failure Audit

Event Source: Security

Event Category: Object Access

Event ID: 560

Date: 3/27/2009

Time: 10:32:40 AM

User: NT AUTHORITY\ANONYMOUS LOGON

Computer: host00032

Description:

Object Open:

Object Server: Security Account Manager

Object Type: SAM_SERVER

Object Name: SAM

Handle ID: -

Operation ID: {0,55968296}

Process ID: 424

Image File Name: C:\WINNT\system32\lsass.exe

Primary User Name: host00032$

Primary Domain: APAC

Primary Logon ID: (0x0,0x3E7)

Client User Name: ANONYMOUS LOGON

Client Domain: NT AUTHORITY

Client Logon ID: (0x0,0x356020E)

Accesses: EnumerateDomains

LookupDomain

Privileges: -

Restricted Sid Count: 0

Access Mask: 0x30