RE: Event ID 524 even with network access OK'd

From: Russ Knapp (rknapp@4winds.com)
Date: 03/21/03


From: "Russ Knapp" <rknapp@4winds.com>
Date: Fri, 21 Mar 2003 14:20:21 -0800


Thanks, Jeff, I will try these things. As I indicated,
SYSTEM is allowed to access from network, but I did not
check to see if SYSTEM was denied that same access. And,
I will check to see if FRS service is running. If so, I
will stop it. Give me a day or two, as it is busy here!!
Thanks. Russ.
>-----Original Message-----
>Hi Russ,
>
>The logon type ˇ°3ˇ± corresponds to ˇ°Network Logonˇ±,
which is involved
>when the authentication is done via network access.
>
>Please go ahead and check the following two local
policies:
>
>"Access this computer from network" and "Log on locally"
policy.
>
>If these two are denied or set too restrict, you will
get such Failure
>Audit logs.
>
>At the same time, please manually stopped the File
Replication Service for
>a test if it is enabled for now.
>
>Regards,
>
>Jeff Qiu
>jefffqiu@online.microsoft.com
>Online Support Professional
>Microsoft Corporation
>
>This posting is provided ˇ°AS ISˇ± with no warranties,
and confers no
>rights.
>
>--------------------
>>Content-Class: urn:content-classes:message
>>From: "Russ Knapp" <rknapp@4winds.com>
>>Sender: "Russ Knapp" <rknapp@4winds.com>
>>Subject: Event ID 524 even with network access OK'd
>>Date: Wed, 19 Mar 2003 12:43:20 -0800
>>microsoft.public.win2000.security
>>
>>I recently demoted an AD DC/GC server to a member
server.
>>Everything is working just fine except for the
following
>>event showing up in the Security log, about 20 times
each
>>minute:
>>===================================================
>>Event Type: Failure Audit
>>Event Source: Security
>>Event Category: Logon/Logoff
>>Event ID: 534
>>Date: 3/19/2003
>>Time: 3:31:04 PM
>>User: NT AUTHORITY\SYSTEM
>>Computer: MYSERVER
>>Description:
>>Logon Failure:
>> Reason: The user has not been granted the
>>requested logon type at this machine
>> User Name:
>> Domain:
>> Logon Type: 3
>> Logon Process: Kerberos
>> Authentication Package: Kerberos
>> Workstation Name: -
>>
>>====================================================
>>In the security policy for the local machine, the
>>EVERYONE group and the SYSTEM account have permissions
>>to "access this machine from the network". I can find
no
>>other reason for these events being logged. They are
>>logged even if I log off the machine and leave the
>>machine logged off.
>>
>>Does anyone have any idea what I need to do to satisfy
>>this problem? Any help is appreciated.
>>
>>
>
>.
>



Relevant Pages

  • Re: Connecting 54k dial up through 3com888 - small problem
    ... > dial up over a 54g network. ... > Jeff Liebermann provided me with some valuable info on the process. ... > The boot on LAN is deactivated in the desktop PC BIOS. ... Rob ...
    (alt.internet.wireless)
  • Re: System Logging on Windows
    ... utilize some kind of scripting and small utilities for this. ... >logs of the domain clients to be logged in the security log of the ... >Domain Controller. ... Network Technician II ...
    (Security-Basics)
  • Re: People accessing my machine
    ... The security log would keep track of who accessed your computer from the ... network but you need to be a local administrator to open it with Event ... The Windows Firewall ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Security Log file full often
    ... maintain the browse list that you see in My Network Places. ... WORKGROUP GROUP Registered ... >I have a workstation that the security log file gets full every few days. ...
    (microsoft.public.windows.server.security)
  • Re: Logging login event
    ... You won't see an IP address in the security log but you should see a type 3 ... network logon if any other user has accessed your computer from the network ... work to see what are established connections that you have to another ... BTW I have figured out how to log login events? ...
    (microsoft.public.windowsxp.security_admin)