Re: Event ID 565

From: Eric Fitzgerald [MS] (ericf@online.microsoft.com)
Date: 05/21/02 

From: "Eric Fitzgerald [MS]" <ericf@online.microsoft.com>
Date: Tue, 21 May 2002 11:28:53 -0700

Hey Tom,

This is failure event 565, correct?

What object corresponds to the following GUID: {ae85ca08-d8b0-40ec-8f44-
396337cc0318} ?

What process corresponds to PID 292?

Thanks,

Eric 

--
Eric Fitzgerald
Program Manager, Windows Auditing and Intrusion Detection
Microsoft Corporation
"Tom Finlay" <tom.finlay@rollcagetech.com> wrote in message
news:51a301c2001f$7a5aea80$9ae62ecf@tkmsftngxa02...
>
> >-----Original Message-----
> >Please post the entire text of the event.
> >
> >--
> >Eric Fitzgerald
> >Program Manager, Windows Auditing and Intrusion Detection
> >Microsoft Corporation
> >
> >
> >"Tom Finlay" <tom.finlay@rollcagetech.com> wrote in
> message
> >news:3bd001c1fc32$162396c0$9be62ecf@tkmsftngxa03...
> >> Domain controller 01 generates a failure audit in
> security
> >> log, event ID 565, Directory service access, repeated
> >> failure every 30 minutes
> >>
> >> Primary User Name DC01
> >> Client User Name  DC02
> >> Access  Read Property
> >
> >
> >.Object Open:
>   Object Server: DS
>   Object Type: container
>   Object Name: %{ae85ca08-d8b0-40ec-8f44-
> 396337cc0318}
>   New Handle ID: -
>   Operation ID: {0,164179407}
>   Process ID: 292
>   Primary User Name: XXXX-XXXX-DC01$
>   Primary Domain: ROLLCAGETECH
>   Primary Logon ID: (0x0,0x3E7)
>   Client User Name: XXXX-XXXX-DC02$
>   Client Domain: XXXXXXXXXXX
>   Client Logon ID: (0x0,0x9B53C73)
>   Accesses Read Property
>
>   Privileges -
>
>  Properties:
> READ_CONTROL
> WRITE_DAC
> SYNCHRONIZE
> Create Child
> List Contents
> Read Property
> Write Property
> %{00000000-0000-0000-0000-000000000000}
> SYNCHRONIZE
> List Contents
> Read Property
> Write Property
> uSNChanged
>
> >