Failure Audit - Logon/Logoff - Event ID 529
- From: "SamD" <SamdWithNoEmail.com>
- Date: Thu, 15 Jan 2009 22:34:28 -0700
Hi all,
My Windows Server 2003 which works as a Web Server inside an intranet shows
a growing number of the following Failure Audits.
------------------------------------------------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 1/14/2009
Time: 9:32:44 AM
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain: WORKGROUP
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: lQPxd6fSQgERESGK
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 321.32.321.32
Source Port: 0
------------------------------------------------------------------------------
Source Network Addresses are not from our authorized users.
My Questions:
1) What does "Domain: WORKGROUP" refer to? (this server is in another
domain) ("WORKGROUP" is not a usual name in this intranet)
2) What does this meaningless " Workstation Name: lQPxd6fSQgERESGK" refer
to? (our computer names has a different name format)
3) Why User Name is blank?
Any comment and help would be appreciated.
Cheers
Sam
.
- Follow-Ups:
- Re: Failure Audit - Logon/Logoff - Event ID 529
- From: Anthony [MVP]
- Re: Failure Audit - Logon/Logoff - Event ID 529
- Prev by Date: Using IPSec; Firewall breaks sysvol replication
- Next by Date: EVENT 675
- Previous by thread: Using IPSec; Firewall breaks sysvol replication
- Next by thread: Re: Failure Audit - Logon/Logoff - Event ID 529
- Index(es):
Relevant Pages
|
