Repeating eventid 538 and lots of "chatter" on ports 389/445
From: Rolf Barbakken (rolf@questus.no)
Date: 12/04/02
- Next message: Tim Hines, MCSE [MVP]: "Re: Security Policy on Users"
- Previous message: 1shah: "Security Policy on Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rolf Barbakken" <rolf@questus.no> Date: Wed, 4 Dec 2002 01:54:31 +0100
We have a network of two DCs and about 15 XP clients.
Recently the XP users have complained about hangs when working on the
network and slow computers in general. Checking around a bit we found that
the XP computers are generating the eventid 538 in the security log -
typically:
User Logoff:
User Name: klientcomp2$
Domain: ourdomainx
Logon ID: (0x0,0x1985CA)
Logon Type: 3
Sniffing packets on the network shows a lot of chatter between the two DCs
on ports 389 (LDAP) and 445 (Microsoft-ds).
Every 12 seconds the mentioned event is generated and at the same time the
CPU usage is 99% for svchost.exe (system) for a couple of seconds. We can
actually hear the computer is working harder because the fan spins up!
What is happening here?
-- __________________________________________ Rolf-Arne Barbakken Teknisk ansvarlig for Questus ans Web: www.questus.no * "The most exciting phrase to hear in science, the one that heralds new discoveries, is not 'Eureka!' (I found it!) but 'That's funny ...'" Isaac Asimov *
- Next message: Tim Hines, MCSE [MVP]: "Re: Security Policy on Users"
- Previous message: 1shah: "Security Policy on Users"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
