Re: Source W3SVC Event ID:100

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 12/26/03

  • Next message: Rich Raffenetti: "Re: Best Way to Change Password via the Web?"
    Date: Thu, 25 Dec 2003 20:07:40 -0800
    
    

    It's not anything to be concerned about. Namely, since IIS facilitates a
    remote identity to logon, that logon could have honest failures, which are
    logged. As Bernard notes, if there's like hundreds of failures, it could
    signify an attempt to do a Dictionary attack on username/password. But if
    it's just a small number... it's probably due to user error of some sort
    (for example, the user may have some credentials cached to auto-login, but
    it mistakenly triggers for your server... and hence it honestly fails).
    Either that, or someone is *really* patiently trying to Dictionary attack
    your server...

    -- 
    //David
    IIS
    This posting is provided "AS IS" with no warranties, and confers no rights.
    //
    "Brennon" <anonymous@discussions.microsoft.com> wrote in message
    news:304995A7-C4EB-420D-99AD-1C513F6721A8@microsoft.com...
    Here is the Error I receive:
    The server was unable to logon the Windows NT account 'dealerschoice' due to
    the following error: Logon failure: unknown user name or bad password.  The
    data is the error code.
    The user account dealerschoice is not on the machine or in AD, so where is
    it coming from?  I get about 5 to 10 of these errors a day with different
    user names.  Any help would be greatly appreciated.
    Thanks
    

  • Next message: Rich Raffenetti: "Re: Best Way to Change Password via the Web?"