RE: Event Log entries?
anonymous_at_discussions.microsoft.com
Date: 12/31/03
- Next message: Oli Restorick [MVP]: "Re: Do Not Display Last User Name In Logon Screen"
- Previous message: Bob Qin [MSFT]: "RE: Terminal Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 31 Dec 2003 11:06:57 -0800
The server is a W2K web server with OWA 5.5. Fairly
vanilla...
The workstation that was identified in the event log
is a laptop with W2K, OfficeXP pro, VB6 Ent, IIS5,
VS.Net2K3, Zone Alarm Pro, and several other programs.
This laptop has been on the network for 2+ years and this
fit has not occured since (or before) the occurance
outlined below.
Thanks
>-----Original Message-----
>INLINE:
>
>Pleae note that there are some products that cause
excessive 538's 540's
>and 576's ... What products are on the server that was
pusing these every
>second for 5 hours...
>
>--------------------
>| From: "Kevin" <anonymous@discussions.microsoft.com>
>| Sender: "Kevin" <anonymous@discussions.microsoft.com>
>| Subject: Event Log entries?
>| Date: Tue, 30 Dec 2003 11:06:03 -0800
>
>|
>| This is a lengthy post... Sorry but need to describe....
>|
>| We have a server that we setup to capture every event
in
>| the event log. We are noticing a strange group of
entries
>| that we are not sure what it is. I assume it is some
>| standard OS / Network level entry because it happens
often
>| and is a consistent set of entries but we do not know
what
>| the entries mean and would like to know if anyone out
>| there does.
>|
>| Log Entries....
>| Success audit
>| Category: Privilege use
>| Event ID: 576
>| Username: domain\computername$
>|
>| In the Description:
>| Special Privileges assigned to new user
>| User Name and Domain Blank
>| Assigned: SeChangeNotifyPrivilege
>
>>>>>>>822774 System Performance Decreases, and Many Event
ID 576 Entries
>Are Logged
>>>>>>>http://support.microsoft.com/?id=822774
>
>
>|
>| Success audit
>| Category: Logon/Logoff
>| Event ID: 540
>| Username: domain\computername$
>|
>| In the Description:
>| Successful Network logon
>| User Name: computername$
>| Domain: domain
>| Logon Type: 3
>
>>>>>>>Machine authenticating to the domain
>
>
>|
>| Success audit
>| Category: Logon/Logoff
>| Event ID: 538
>| Username: domain\computername$
>|
>| In the Description:
>| User Logoff
>| User Name: computername$
>| Domain: domain
>| Logon Type: 3
>
>>>>>>> Machine ending communication with domain at this
time.
>|
>| These 3 entries always accompany each other. The
>| interesting issue is that this happened to one of our
>| servers over the weekend but that the entries were
taking
>| place every second and filled up our 25mb log file in
>| about 5 hours. We disconnected the computer from the
>| network that was mentioned in the username field and
these
>| entries stopped. We plugged the computer back in this
>| morning and it isn't happening?
>|
>| We have done the normal virus / hack research but this
>| does not appear to be that at all. In fact we see in
the
>| logs where other entries of this type are in the system
>| but for different computers....
>|
>| We did notice that the Computer Browser service was on
for
>| this server and it shouldn't have been so we turned it
off.
>|
>| Does anyone know what this is?
>|
>| Kevin
>|
>|
>|
>
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>.
>
- Next message: Oli Restorick [MVP]: "Re: Do Not Display Last User Name In Logon Screen"
- Previous message: Bob Qin [MSFT]: "RE: Terminal Services"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
