Re: Lots of Event Security logs 529?? Explanation Please

Roger thank you for the feedback.

Here is the unedited version in one of the failures..
Can you please more a bit.. I'm kinda of confuse?

How come this server is also intercepting all login failures.. Even though
not address to himself??

Security Failure Audit Logon/Logoff 529 NT
AUTHORITY\SYSTEM My-server-FS "Logon Failure:
Reason: Unknown user name or bad password
User Name: Dell
Domain: DVDZ1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: DVDZ1 "




"Roger Abell [MVP]" wrote:

"Super Boobahlicious" <SuperBoobahlicious@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote
in message news:33EB53AA-2089-4260-A7B8-26EA7EE52D88@xxxxxxxxxxxxxxxx
I have so many events in Failure Audit logs lately. I know that this type
of event is not necessarily directing to login to local machine.

However I still don't understand how this sessions are interpreted by the
system as if the machine is trying to log into the system?? eventhough
not..

Any valid useful explanation??

Event is 529
Login Failure
Reason: Unknown user name or Password
User Name: mytest
Domain:SErver_app
Logon Type:3
Logon Process: NTLMssP
Workstation Name:mytest



For this event you asked
Any valid useful explanation??
and of course there is.

This shows that there is some process on machine "mytest"
that is attempting to do a network login to the machine where
this event is recorded using an account server_app\mytest
(which is an admin/user defined account, not the machine
itself which would appear as server_app\mytest$ ) and this
shows the login attempts are failingl

Examine that machine's running processes and also look
for traces of that domain principal.
If the here all important missing $ in the account name is
due to your having edited the event message, then provide
the actual unedited message - little changes can make big
changes in meaning.






.

Relevant Pages

  • Re: Lots of Event Security logs 529?? Explanation Please
    ... of event is not necessarily directing to login to local machine. ... This shows that there is some process on machine "mytest" ... (which is an admin/user defined account, ... due to your having edited the event message, ...
    (microsoft.public.security)
  • Weakness introduced by denying remote logins on AIX, possibly others
    ... AIX 4.3.3 and AIX 5.1, ... is possible to remotely enumerate the passwords of a known AIX account. ... believed to be in the response from the login program after authentication ... Give accounts that have been restricted from remote logins strong passwords. ...
    (Security-Basics)
  • 9/11 Explains The Impotence Of
    ... The anti-war movement has proven impotent to stop the war in Iraq despite the ... Recognition of the inadequacy of the official account of the collapse of the ... most glaring failures in the official account is the lack of an explanation of ... failures, we must rely on theoretical speculative ...
    (soc.culture.malaysia)
  • Re: Please! Doesnt anyone know a better way to do this?
    ... account, they need to automatically be directed to the page to enter data ... session variable on the Account page. ... I assume here that you're checking a database when the user attempts to ... When a new user attempts to login or clicks to register, ...
    (microsoft.public.dotnet.framework.aspnet)
  • WinXP laptop, simple-style login conn to Win2000 share, error
    ... So, to simplify matters, add all machines to the domain. ... local machine accounts) to keep track of... ... the local account information. ... the "pushbutton login") and configure the Laptops to auto ...
    (microsoft.public.windowsxp.security_admin)
Quantcast