Re: Event Log - Security - Numerous Failures
From: Hans Walder (hans.walder_at_pointag.net)
Date: 09/17/03
- Next message: Ken Kimball: "Terminal Server Migration and Roaming Profiles"
- Previous message: David Secker: "Event Log - Security - Numerous Failures"
- In reply to: David Secker: "Event Log - Security - Numerous Failures"
- Next in thread: Alyson: "Re: Event Log - Security - Numerous Failures"
- Reply: Alyson: "Re: Event Log - Security - Numerous Failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 17 Sep 2003 20:06:24 +0300
Hi David,
You can find further information on the Event ID: 681 at
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B273499
For Event-ID 529 I have read now more possibile reasons (i.e. dictionary
attach, two long password for Terminal Service)...but if it helps you can
read it at www.eventid.net (just search for the Event-ID and you will see a
lot of more information).
I hope this helps.
Good luck,
Hans
PS: If it should be a dictionary attach on your Administrator account try to
rename your Administrator account, e.i. IamtheBoss ;-) or something
different.
Or does the same event-ID also occur for other accounts in your domain?
"David Secker" <dsecker@lionfield_dot_com> wrote in message
news:O$64QiTfDHA.2356@TK2MSFTNGP12.phx.gbl...
> Hi all, I've referred to past posts in this group many times for help, but
I
> can't seem to find an answer for my latest problem no matter where I look.
> The problem is with a security log on a Windows 2000 Server. I get
> failure audits every five minutes around the clock. They generally appear
4
> in row with 2 matching sets.
>
> First failure (and thrid) is:
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 681
> User: NT AUTHORITY\SYSTEM
> Computer: <servername>
> Description:
> The logon to account: Administrator
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> from workstation: <servername>
> failed. The error code was: 3221225578
>
> Second (and fourth) is:
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> User: NT AUTHORITY\SYSTEM
> Computer: <servername>
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: Administrator
> Domain: <domain>
> Logon Type: 7
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: <servername>
>
> I've checked all the services to make sure they are logging on properly
and
> they all seem to be. The only services that don't use the localsystem
acct
> are the Backup Exec 8 services, and they are also starting without a
> problem.
> Is there any way I can further audit the logon attempts to see what
> might be causing these? Anyone have a similar problem that they resolved?
> Any help would be greatly appricated.
>
> Thanks,
> David Secker
>
>
>
>
- Next message: Ken Kimball: "Terminal Server Migration and Roaming Profiles"
- Previous message: David Secker: "Event Log - Security - Numerous Failures"
- In reply to: David Secker: "Event Log - Security - Numerous Failures"
- Next in thread: Alyson: "Re: Event Log - Security - Numerous Failures"
- Reply: Alyson: "Re: Event Log - Security - Numerous Failures"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
