Event ID: 5000 - The security package Kerberos generated an exception. The exception information is the data.

    Question

  • We are experiencing an issue with our Windows 7 Enterprise machines when they are scanned by a Third Party product for software patches and vulnerability management. The Third Party product uses nmap amongst other tools for its scan. When it scans we get the following event log:

    Log Name:      System
    Source:        LsaSrv
    Date:          10/09/2013 12:56:02
    Event ID:      5000
    Task Category: None
    Level:         Error
    Keywords:      
    User:          SYSTEM
    Computer:      RemoveName
    Description:
    The security package Kerberos generated an exception. The exception information is the data.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="LsaSrv" Guid="{199FE037-2B82-40A9-82AC-E1D46C792B99}" />
        <EventID>5000</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x8000000000000000</Keywords>
        <TimeCreated SystemTime="2013-09-10T11:56:02.963895700Z" />
        <EventRecordID>25751</EventRecordID>
        <Correlation />
        <Execution ProcessID="740" ThreadID="896" />
        <Channel>System</Channel>
        <Computer>RemovedName</Computer>
        <Security UserID="S-1-5-18" />
      </System>
      <EventData>
        <Data Name="Package">Kerberos</Data>
        <Binary>63736DE00100000000000000000000005D9EA9FDFE07000004000000000000002005931900000000F0DCFD0100000000A045E7FCFE0700000000D1FCFE07000000000000000000004A335A7500000000488FFD01000000008097FD010000000000000000000000000000000000000000009CFD01000000006B335A750000000070AEFD010000000000E0FD010000000000E0FD0100000000</Binary>
      </EventData>
    </Event>
    

    Once this occurs it is not possible to log in to the box using any method; the only option is to select reboot from the login page or press the power button.

    We don't believe that Windows 7 is totally to blame as we have found that uninstalling Check Point Full Disk Encryption E80.x stops the issue from happening.

    I am looking for a method of providing more information to all parties so they stop pointing fingers at each other and find a fix for the problem.

    Neal

    Wednesday, October 09, 2013 9:55 PM
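
An added example, not part of the original post: one way to get more out of the event is to decode its `<Binary>` value. The sketch below assumes the value is a raw 64-bit `EXCEPTION_RECORD` (an assumption, the page does not say so); the function names are hypothetical and the sample is the leading 64 bytes of the value above.

```python
import struct

# Leading 64 bytes of the <Binary> value from the event above.
SAMPLE_HEX = (
    "63736DE0010000000000000000000000"
    "5D9EA9FDFE0700000400000000000000"
    "2005931900000000F0DCFD0100000000"
    "A045E7FCFE0700000000D1FCFE070000"
)

MSVC_CPP_EXCEPTION = 0xE06D7363            # exception code raised by MSVC "throw"
MSVC_EH_MAGIC = {0x19930520, 0x19930521, 0x19930522}
MAX_PARAMS = 15                            # EXCEPTION_MAXIMUM_PARAMETERS
# Assumed layout (EXCEPTION_RECORD64): code, flags, nested record pointer,
# exception address, parameter count, 4 bytes of padding, then 8-byte parameters.
HEADER = struct.Struct("<IIQQI4x")


def parse_exception_record(hex_blob):
    """Decode the header and the valid parameters of a 64-bit EXCEPTION_RECORD."""
    data = bytes.fromhex(hex_blob.strip())
    if len(data) < HEADER.size:
        raise ValueError("blob is shorter than an EXCEPTION_RECORD header")
    code, flags, nested, address, count = HEADER.unpack_from(data)
    # Only the first `count` slots are meaningful; later slots hold stale memory.
    available = (len(data) - HEADER.size) // 8
    n = min(count, MAX_PARAMS, available)
    params = list(struct.unpack_from("<%dQ" % n, data, HEADER.size))
    rec = {"code": code, "flags": flags, "nested": nested,
           "address": address, "params": params}
    # For an x64 MSVC C++ exception the four parameters are: magic number,
    # thrown object, ThrowInfo pointer, image base of the throwing module.
    if code == MSVC_CPP_EXCEPTION and n >= 4 and params[0] in MSVC_EH_MAGIC:
        rec["cpp"] = {"object": params[1], "throw_info": params[2],
                      "image_base": params[3],
                      "throw_info_rva": params[2] - params[3]}
    return rec


if __name__ == "__main__":
    rec = parse_exception_record(SAMPLE_HEX)
    print("code      0x%08X  flags 0x%X" % (rec["code"], rec["flags"]))
    print("address   0x%016X" % rec["address"])
    for name, value in rec.get("cpp", {}).items():
        print("%-15s 0x%X" % (name, value))
```

If the decode reports a C++ exception, the `image_base` value can be compared with the load addresses of the modules in `lsass.exe` (from a process dump or module listing taken on the affected machine) to see which DLL threw.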
