I'm reviewing a Security:529 event for a Logon Failure and need help understanding why it is occurring. The event is coming from a domain controller running Windows Server 2003. The event states that it is a result of a laptop on the domain using process name NTLMSSP attempting to authenticate against the domain controller using the machine account (MachineName$). Logon type is 3, Event Log Category is Logon/Logoff, Event Source is Security and Authentication Packet is NTLM.
1. Why is the machine using NTLMSSP instead of Kerberos?
2. What is the purpose of the MachineName$ account authentication?
3. How can I troubleshoot why this failure was received?
Thanks!