Re: Source W3SVC Event ID:100
From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 12/26/03
- Previous message: Bernard: "Re: changing NT password using SSL"
- In reply to: Brennon: "Source W3SVC Event ID:100"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 25 Dec 2003 20:07:40 -0800
It's not anything to be concerned about. Namely, since IIS facilitates a
remote identity to logon, that logon could have honest failures, which are
logged. As Bernard notes, if there's like hundreds of failures, it could
signify an attempt to do a Dictionary attack on username/password. But if
it's just a small number... it's probably due to user error of some sort
(for example, the user may have some credentials cached to auto-login, but
it mistakenly triggers for your server... and hence it honestly fails).
Either that, or someone is *really* patiently trying to Dictionary attack
your server...
-- //David IIS This posting is provided "AS IS" with no warranties, and confers no rights. // "Brennon" <anonymous@discussions.microsoft.com> wrote in message news:304995A7-C4EB-420D-99AD-1C513F6721A8@microsoft.com... Here is the Error I receive: The server was unable to logon the Windows NT account 'dealerschoice' due to the following error: Logon failure: unknown user name or bad password. The data is the error code. The user account dealerschoice is not on the machine or in AD, so where is it coming from? I get about 5 to 10 of these errors a day with different user names. Any help would be greatly appreciated. Thanks
- Previous message: Bernard: "Re: changing NT password using SSL"
- In reply to: Brennon: "Source W3SVC Event ID:100"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
