On our 3 Windows 2008 domain controllers, I have started to see a LOT of Audit Failure, Event 5159 errors.
I did some troubleshooting around the internet and found out that I should stop auditing a lot of this stuff. I tried creating a batchfile with a few commands like below:
auditpol /set /subcategory:"Filtering Platform Packet Drop" /success:disable /failure:disable
There are several other lines, but that was the first.
On the 1st DC I tried that line on, the command prompt started a very rapid infinite loop just entering that command over and over. Ctrl-C brings up "terminate batch job (Y/N)?" after a few minutes allowing me to stop the loop.
Now, when I try running ANY 'auditpol' command no matter what it is (for example: auditpol /get /category:* or auditpol /? ), it repeats the set command listed ABOVE in an infinite loop again.
I've rebooted the server 3 times, and the command still seems to be locked in somewhere and always comes back no matter what I've tried. I haven't touched the other DCs yet, because I don't want to cause problems on them until this one is straightened out.
Any assistance will be appreciated.
