Invalid Forwarded AS Request Rule

Run As Profiles

Name
Default

Alert Details

Message: Invalid Forwarded AS Request
Priority: Medium
Severity: Critical

Rule Knowledgebase

Summary

This domain controller has received an invalid Authentication Service (AS) request from the primary domain controller (PDC). It is possible that someone is attempting to spoof the PDC for the domain.

Causes

This rule does not contain any causes.

Resolutions

Verify that this domain controller can communicate with the PDC by reviewing the alerts created by the AD Op Master Response script.

Verify that there is no firewall blocking the Kerberos port.

Reset the password on the machine account for the PDC.

Use Adsiedit.msc to verify that the PDC machine account does not have a user principal name (UPN) defined.
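
The Kerberos port and UPN checks above can also be run from PowerShell. The following is an added example, not part of the management pack: it assumes the ActiveDirectory (RSAT) module is installed and that it runs on the domain controller that raised the alert. The function name Test-PdcKerberosHealth is hypothetical. It only reads state and does not reset the machine account password.

```powershell
# Added example: read-only checks for two of the resolution steps.
# Assumption: ActiveDirectory module (RSAT) is installed on this DC.
Import-Module ActiveDirectory

function Test-PdcKerberosHealth {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Kerberos uses port 88 (TCP and UDP). Test-NetConnection probes TCP only,
        # so a UDP-only firewall block will not show up here.
        [int]$KerberosPort = 88
    )

    # Find the current PDC emulator role holder for this domain.
    $pdcFqdn = (Get-ADDomain).PDCEmulator

    # Resolution step: verify that no firewall blocks the Kerberos port.
    $probe = Test-NetConnection -ComputerName $pdcFqdn -Port $KerberosPort `
                                -WarningAction SilentlyContinue

    # Resolution step: verify the PDC machine account has no UPN defined.
    # PasswordLastSet is included as context before any machine password reset.
    $account = Get-ADComputer -Filter "DNSHostName -eq '$pdcFqdn'" `
                              -Properties userPrincipalName, PasswordLastSet

    if (-not $account) {
        Write-Warning "No computer object found with DNSHostName '$pdcFqdn'."
    }

    [pscustomobject]@{
        PdcEmulator        = $pdcFqdn
        KerberosTcpOpen    = [bool]$probe.TcpTestSucceeded
        MachineAccount     = $account.SamAccountName
        UpnDefined         = -not [string]::IsNullOrEmpty($account.userPrincipalName)
        UserPrincipalName  = $account.userPrincipalName
        PasswordLastSet    = $account.PasswordLastSet
    }
}

# KerberosTcpOpen should be True and UpnDefined should be False on a healthy PDC.
Test-PdcKerberosHealth | Format-List
```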

External References

For more information, see:

See Also for Active Directory (AD) Monitoring Management Pack


Downloads for Active Directory (AD) Monitoring Management Pack
