Many failure audits appearing in the security event log

There are many failure audit messages that appear in the event viewer, so much that it's the only message that appears.

When I stop the TeamCity web server, the messages disappear, when it's running, there are about 30 errors that appear roughly at a 30 second interval.


Here's an example error:

Event Type:    Failure Audit
Event Source:    Security
Event Category:    Account Logon
Event ID:    680
Date:        9/16/2010
Time:        2:26:59 PM
User:        NT AUTHORITY\SYSTEM
Computer:    BUILDSERVER
Description:
Logon attempt by:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:    teamcity
Source Workstation:    BUILDSERVER
Error Code:    0xC0000064


The 'teamcity' account is a restricted domain user account, which has read-only access to our Visual SVN repository, which is running https.  As far as operation goes, nothing from TeamCity's point of view shows anything as ill behaving.  All the builds work as expected and can see pending changes.  It would be nice to fix these errors though.

Any help is appreciated.  Thanks.

3 comments

What authentication schema is used to authorize TeamCity users? Are there any exceptions in the teamcity-server.log or in teamcity-vcs.log?

0

Teamcity's built-in authentication.

teamcity-vcs.log has the following exception which looks related:
[2010-09-19 00:05:33,526]   WARN [oader 4 {id=16}] -      jetbrains.buildServer.VCS - Error while loading vcs version for root 'svn: https://path/to/trunk {id=16}', id=16: org.tmatesoft.svn.core.SVNAuthenticationException: svn: Authentication required for '<https://server> Subversion Repositories'

Is {id=16} representive of a project or build ID?  Thanks.

0

Hello Bailey,

   id=16 relates to the VCS Root id. You may want to review page http://buildserver/admin/vcsRootsGlobal.html, find VCS root with it 16 and investigate its settings.
   You can find related VCS Root by name (svn: https://path/to/trunk) on this page.

   Please let us know if you find anything unusual.

   Regards,
   KIR

0

Please sign in to leave a comment.