Tuesday, October 30, 2007

The Local Security Authority cannot be contacted

Where to start... I have setup a MOSS 2007 site running on Windows Server 2003 R2 with sp2 and all current updates. The site is setup to allow anonymous access as well as integrated Windows login. Everything seems fine, no errors on the server all is running smoothly as long as you enter the correct password. If you miss type your password, instead of prompting you 3 time like IIS should, it immediately displays "The Local Security Authority cannot be contacted". The only thing you can do from here is close your browser and start over again. I have been trying to track down this problem for weeks now with little to no luck, I even wiped out the server and reinstalled all components to no avail.

the web server does register the error:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 10/30/2007
Time: 10:53:03 AM
Computer: XXXX-XXX
Logon Failure:
Reason: An error occurred during logon
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: TELESTO
Status code: 0xC0000225
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.###.##.###
Source Port: 2705

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

While I am looking into this more if anyone has any ideas PLEASE let me know.

One more tidbit it does not have the same problem on all computers, some workstations seem to work as expected.


Chris said...

Hurah! I'm not alone!!

I have the same problem on my Moss farm.

We have two domains and the main corporate domain can login fine. However users in the external sharepoint domain get the "The Local Security Authority cannot be contacted" error if they enter the wrong password and they use their upn. If they use <domainname>\<username> and enter the wrong password then IIS \ SharePoint will prompt 3 times.

I've found no solution yet and I'm still researching it. If the user account does not exist in AD then IIS will still prompt for authentication 3 times...

RobH said...

I found your post as I was having the same problem.

The thing that stuck out to me was the 'wrong password' portion of the post which got me to thinking about having just changed my password.

This led me to go to the stored password section of control panel...user management, where I found that there was a stored password for that particular MOSS site. Deleting the stored password for that site eliminated my problem immediately.

Hope that helps someone!


Shaune Donohue said...

Robh, Unfortunately I had thought of that and it isn't just my computer having the issue.
Still haven't found a solution but still looking in between other issues.

I.S.C. Román P.C. said...

I'm having this old problem and I got no answer yet.

Please help me.