failure audit - directory service access - event id 565
From: Joe Cave (Joe@tendocom.com)
Date: 10/15/02
- Next message: Cbell: "Weird msg when trying to chnge workgroup"
- Previous message: Karl Levinson [x y] MVP: "Re: Internet port?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Joe Cave" <Joe@tendocom.com> Date: Mon, 14 Oct 2002 18:01:28 -0700
hi list,
i'm having a problem with a constant failure audit (directory service
access - event id 565). here's the complete error:
Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 9/30/2002
Time: 11:04:48 AM
User: MYDOMAIN\EXCHANGE1$
Computer: DC1
Description:
Object Open:
Object Server: DS
Object Type: configuration
Object Name: CN=Configuration,DC=mydomain,DC=org
New Handle ID: -
Operation ID: {0,1939799}
Process ID: 264
Primary User Name: DC1$
Primary Domain: MYDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: EXCHANGE1$
Client Domain: MYDOMAIN
Client Logon ID: (0x0,0x1D994B)
Accesses Control Access
Privileges -
Properties:
READ_CONTROL
Create Child
Delete Child
List Contents
Write Self
Delete Tree
Manage Replication Topology
- dc1 and exchange1 are the servers in question (domain controller and
exchange server obviously..). the log is taken from dc1.
- process id 264 corresponds to lsass.exe.
does anyone have any idea whats going on here? what is it thats constantly
hitting lsass? this happens every couple minutes. i can't find much doc on
event id 565 paired with the directory service access category. any help is
appreciated.
- j
- Next message: Cbell: "Weird msg when trying to chnge workgroup"
- Previous message: Karl Levinson [x y] MVP: "Re: Internet port?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
