RE: Auditing enabled but Logon Failures not showing up
From: Roan, Wayne (wroan_at_cbc-raleigh.com)
Date: 10/21/03
- Previous message: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Maybe in reply to: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Next in thread: dave kleiman: "RE: Auditing enabled but Logon Failures not showing up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'thenile@ziplip.com'" <thenile@ziplip.com> Date: Tue, 21 Oct 2003 13:03:16 -0400
First, do you have more than one server in each domain? If you do, then you
probably have a replication problem between domain controllers. The local
machine will not log failed attempts to the PDC for local logins. It will
log failed attempts for domain logins.
Wayne
-----Original Message-----
From: thenile@ziplip.com [mailto:thenile@ziplip.com]
Sent: Monday, October 20, 2003 10:23 PM
To: focus-ms@securityfocus.com
Subject: Auditing enabled but Logon Failures not showing up
Hi,
Two NT 4 (SP 6 a) domains with a trust relationship from one to the
other.
If a user (running win 2k SP4 with latest updates) tries to logon to
either of the domains with a wrong password, no failure events show up on
the PDC or BDC.
Successful logons/log offs do show up in the event logs.
However if a user tries to logon to his specific machine (Choose this
machine form the drop down menu) with a wrong password a failure event shows
up in the PDC logs.
Auditing is enabled on both domains and log on and log offs success
and failures are both ticked in the auditing section on both domains.
I am not sure if this started happening recently or it has always been like
this.
Any ideas would be greatly appreciated.
Thank you.
thenile
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------
---------------------------------------------------------------------------
FREE Whitepaper: Better Management for Network Security
Looking for a better way to manage your IP security?
Learn how Solsoft can help you:
- Ensure robust IP security through policy-based management
- Make firewall, VPN, and NAT rules interoperable across heterogeneous
networks
- Quickly respond to network events from a central console
Download our FREE whitepaper at:
http://www.securityfocus.com/sponsor/Solsoft_focus-ms_031015
---------------------------------------------------------------------------
- Previous message: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Maybe in reply to: thenile_at_ziplip.com: "Auditing enabled but Logon Failures not showing up"
- Next in thread: dave kleiman: "RE: Auditing enabled but Logon Failures not showing up"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
