RE: Event ID 524 even with network access OK'd

From: Russ Knapp (
Date: 03/21/03

From: "Russ Knapp" <>
Date: Fri, 21 Mar 2003 14:20:21 -0800

Thanks, Jeff, I will try these things. As I indicated,
SYSTEM is allowed to access from network, but I did not
check to see if SYSTEM was denied that same access. And,
I will check to see if FRS service is running. If so, I
will stop it. Give me a day or two, as it is busy here!!
Thanks. Russ.
>-----Original Message-----
>Hi Russ,
>The logon type ˇ°3ˇ± corresponds to ˇ°Network Logonˇ±,
which is involved
>when the authentication is done via network access.
>Please go ahead and check the following two local
>"Access this computer from network" and "Log on locally"
>If these two are denied or set too restrict, you will
get such Failure
>Audit logs.
>At the same time, please manually stopped the File
Replication Service for
>a test if it is enabled for now.
>Jeff Qiu
>Online Support Professional
>Microsoft Corporation
>This posting is provided ˇ°AS ISˇ± with no warranties,
and confers no
>>Content-Class: urn:content-classes:message
>>From: "Russ Knapp" <>
>>Sender: "Russ Knapp" <>
>>Subject: Event ID 524 even with network access OK'd
>>Date: Wed, 19 Mar 2003 12:43:20 -0800
>>I recently demoted an AD DC/GC server to a member
>>Everything is working just fine except for the
>>event showing up in the Security log, about 20 times
>>Event Type: Failure Audit
>>Event Source: Security
>>Event Category: Logon/Logoff
>>Event ID: 534
>>Date: 3/19/2003
>>Time: 3:31:04 PM
>>Computer: MYSERVER
>>Logon Failure:
>> Reason: The user has not been granted the
>>requested logon type at this machine
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>>In the security policy for the local machine, the
>>EVERYONE group and the SYSTEM account have permissions
>>to "access this machine from the network". I can find
>>other reason for these events being logged. They are
>>logged even if I log off the machine and leave the
>>machine logged off.
>>Does anyone have any idea what I need to do to satisfy
>>this problem? Any help is appreciated.

Relevant Pages

  • Re: Connecting 54k dial up through 3com888 - small problem
    ... > dial up over a 54g network. ... > Jeff Liebermann provided me with some valuable info on the process. ... > The boot on LAN is deactivated in the desktop PC BIOS. ... Rob ...
  • Re: System Logging on Windows
    ... utilize some kind of scripting and small utilities for this. ... >logs of the domain clients to be logged in the security log of the ... >Domain Controller. ... Network Technician II ...
  • Re: People accessing my machine
    ... The security log would keep track of who accessed your computer from the ... network but you need to be a local administrator to open it with Event ... The Windows Firewall ...
  • Re: Security Log file full often
    ... maintain the browse list that you see in My Network Places. ... WORKGROUP GROUP Registered ... >I have a workstation that the security log file gets full every few days. ...
  • Re: Logging login event
    ... You won't see an IP address in the security log but you should see a type 3 ... network logon if any other user has accessed your computer from the network ... work to see what are established connections that you have to another ... BTW I have figured out how to log login events? ...