In an Active Directory directory service domain environment, you configure intrusion detection software (IDS) on the Key Distribution Center (KDC). This software can detect a replay attack in the network.

However, when you try to use a nonexistent domain user account to log on to the domain from a Windows-based client computer, you may receive a warning of a replay attack. This warning is triggered by the IDS.

Note: This behavior may occur in all versions of Windows. For example, it may occur in Windows XP, in Windows Server 2003, and in Windows Vista.