A couple of strange warnings in the Security event log always occur when then transaction fails:
Log 1:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 2008-2-20
Time: 9:43:10
User: NT AUTHORITY\SYSTEM
Computer: ****
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: ****$
Source Workstation: ****
Error Code: 0xC0000064
Log 2:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 2008-2-20
Time: 9:43:10
User: NT AUTHORITY\SYSTEM
Computer: ****
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ****$
Domain: WORKGROUP
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ****
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP ADDRESS
Source Port: 2044
=========================
If the two machines are in different domains, then this is likely what is happening:
When DTC negotiates a connection with another transaction manager, it will always attempt a secure connection first. If this fails, and security is disabled for DTC, then it will attempt a connection without passing any credentials.
In the above scenario the two servers enlisting in a transaction were in seperate domains. When DTC would try to connect with DTC on the remote server, it did so in a secure manner and passed the machine account. This account did not exist in the domain of the remote server, which resulted in the failure audits in the security logs with an HRESULT of 0xC00000064. This error code means no such user exists. DTC then attempted an unauthenticated connection that was
successful and allowed the application to work.
A Netmon trace should show you this behavior.
============================
The above content is from the following POST.
http://www.winserverkb.com/Uwe/Forum.aspx/exchange-admin/57957/Security-Failure-for-an-administrative-account