source of Failure Audits is Default Web Site
- From: "G" <gregstigers+w@xxxxxxxxxxx>
- Date: Fri, 14 Mar 2008 14:26:39 -0400
I've inherited an apparently unmaintained environment. I notice that about
half of my Security events on my domain controller SVR2 are:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 3/14/2008
Time: 1:44:25 PM
User: NT AUTHORITY\SYSTEM
Computer: TMG-SVR2
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Administrator
Source Workstation: SVR1
Error Code: 0xC000006A
I start checking SVR1, a W2K box, and eventually find that stopping the
Default Web Site in IIS Admin stops these errors. We have the usual IISHelp,
IISAdmin, IISSamples, and an MSADC. There's a PerlEx web site that I gather
is ActiveState. And there are five websites from a vendor-provided Altiris
offering. Directory Security varies among Anonymous access with Username
IUSR_SVR1 and "Allow IIS to control password" checked, Basic Authentication
with no Domain Name set, and Integrated Windows authentication. I suspect
there is a problem with the IUSR_SVR1 Internet Guest Account, which I do as
a local user on SVR1 as a member of Guests, with Password never expires and
User cannot change password.
At this point, I'm not sure what to do with this. What are good solutions at
ths point?
________
Greg Stigers, MCSA
remember to vote for the answers you like
.
- Follow-Ups:
- Re: source of Failure Audits is Default Web Site
- From: David Wang
- Re: source of Failure Audits is Default Web Site
- Prev by Date: Re: Problem after setting password policy
- Next by Date: Re: source of Failure Audits is Default Web Site
- Previous by thread: Problem after setting password policy
- Next by thread: Re: source of Failure Audits is Default Web Site
- Index(es):
Relevant Pages
|
