Re: Mysterious login failures
From: Eric Fitzgerald [MSFT] (ericf_at_online.microsoft.com)
Date: 07/11/03
- Next message: Miha Pihler: "Re: w2k boots directly to my account with no password"
- Previous message: Eric Fitzgerald [MSFT]: "Re: Same error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 11 Jul 2003 13:34:38 -0700
The error code below, converted to hex, maps to:
#define STATUS_NO_SUCH_USER ((NTSTATUS)0xC0000064L)
(from ntstatus.h in the Platform SDK)
Anyone who clicks "Network Neighborhood" on a shared network, including many
broadband cable networks, can potentially cause this.
The solution is to install a firewall on your machine, or use Internet
Connection Firewall on Windows XP.
If you have only the one computer at home, and you don't use shared files or
printers or a shared internet connection, then you could stop and disable
the Server service and this would also cause the events to cease.
Eric
-- Eric Fitzgerald Program Manager, Windows Auditing Microsoft Corporation The above message is provided "AS-IS" with no warranties, and confers no rights. "Shannon Jacobs" <shanen@my-deja.com> wrote in message news:u#KP11rODHA.2248@TK2MSFTNGP11.phx.gbl... > I have a W2KP box in a corporate network. Since enabling the audit log for > login attempts, I've been seeing a pattern of random failures. It doesn't > seem to be malicious (most of the time), but I'm curious what it's about. > There are a number of machines in my section, but only two of them make > periodic attempts to log into my computer. One of them used to share a > printer, but that was before he replaced his machine, and I had already > gotten rid of that printer by that time, and he doesn't have any relevant > driver installed now, so I can't see any link there. The other one has never > had any reason to access my computer as far as I know. There are also some > attempts coming from neighboring sections, and no reason I know of there. > Most of them are from people I've never heard of. > > Yesterday there was a new one, from another person I've never heard of, > apparently again looking for his personal account on my machine, where it > has never existed. The event manager entry gives no useful hints, unless > MICROSOFT_AUTHENTICATION_PACKAGE_V1_0, error code: 3221225572 has some > ritual significance to someone. > > Right now my guess is that these computers have some odd service installed, > and they are periodically scanning around, including visiting my machine, to > see if my machine is somehow related to their odd service... How to check > such a thing? >
- Next message: Miha Pihler: "Re: w2k boots directly to my account with no password"
- Previous message: Eric Fitzgerald [MSFT]: "Re: Same error"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
