RE: Missing IP address in Security Audit

From: Ronald (Ronald_at_discussions.microsoft.com)
Date: 03/09/05

• Next message: Justin: "Remove SID/User from a local Group Policy"
• Previous message: DevGD: "Re: External Trusts between W2K DCs in Different Forests CONTINUED"
• In reply to: Ronald: "Missing IP address in Security Audit"
• Next in thread: Steven L Umbach: "Re: Missing IP address in Security Audit"
• Reply: Steven L Umbach: "Re: Missing IP address in Security Audit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Mar 2005 07:35:02 -0800

more information, as you can see, I login from a remote PC to the domain, but
the logon shows the client IP as 127.0.0.1

Authentication Ticket Granted:
User Name: Administrator
Supplied Realm Name: ALTDOMAIN
User ID: %{S-1-5-21-1390850448-2335789268-393128203-500}
Service Name: krbtgt
Service ID: %{S-1-5-21-1390850448-2335789268-393128203-502}
Ticket Options: 0x40810010
Ticket Encryption Type: 0x17
Pre-Authentication Type: 2
Client Address: 127.0.0.1

"Ronald" wrote:

> Hi All,
> not sure if you come across this problem.
>
> I have a domain with 8 members servers. Apparently we had turn on security
> audit for successful logon as well.
>
> The problem is user name, server name etc are correctly captured in the
> event log(Security( but it does not capture the correct IP of the remote host
> that login to the domain. The IP shown in the log is 127.0.0.1(local host
> address). Can anyone help and advise any settings that I have miss out?
>
> Regards
> Ronald
>

• Next message: Justin: "Remove SID/User from a local Group Policy"
• Previous message: DevGD: "Re: External Trusts between W2K DCs in Different Forests CONTINUED"
• In reply to: Ronald: "Missing IP address in Security Audit"
• Next in thread: Steven L Umbach: "Re: Missing IP address in Security Audit"
• Reply: Steven L Umbach: "Re: Missing IP address in Security Audit"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Help needed regarding Office Sharepoint Integration. ... I have no luck with Sharepoint Office Integration since WSS ... Service Ticket Granted: ... Client Address: 192.168.0.10 ... Successful Logon: ... (microsoft.public.sharepoint.windowsservices) Re: RWW - Local Policy connect to desktop issue ... On that client, I went to the advanced tab of the firewall ... properties and enabled the Remote Desktop service. ... that the user which can't logon is in one additional group. ... to the Remote Desktop Users group, explicitly listed the new user on the ... (microsoft.public.windows.server.sbs) Re: RWW - Local Policy connect to desktop issue ... in the Terminal Services Profile Tab. ... still can't logon to their client. ... Remote Desktop Users ... The user can logon to RWW but cannot connect to their 'computer at ... (microsoft.public.windows.server.sbs) Re: RWW:no permission to logon interactively ... You need to set permissions individually for each client ... Desktop lets you enable remote features for each machine ... >onto the Desktops. ... my administrator accounts can logon to ... (microsoft.public.windows.server.sbs) Re: Missing IP address in Security Audit ... Be sure you check all the logon event entries. ... Service Ticket Request: ... Client Address: 192.168.1.52 ... > Ticket Encryption Type: 0x17 ... (microsoft.public.win2000.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint