Re: Many logon "failures" ???
From: Cris Hanna [SBS-MVP] (crisnospamhanna_at_computingnospampossibilities.net)
Date: 02/22/05
Date: Tue, 22 Feb 2005 13:41:26 -0600
Is it just for one machine?
This could be an attempt to hack and they are trying a dictionary attack.
--
Cris Hanna [SBS - MVP]
---------------------------------------
Please reply only to the newsgroup and not to me directly so that everyone can benefit from the information

"Brad Pears" <donotreply@notreal.com> wrote in message news:uMdYIWRGFHA.2588@TK2MSFTNGP09.phx.gbl...
> Recently, while troubleshooting an issue I was having, I turned on the
> logging of Log-On failures on our Win2K SBS machine.
>
> I was able to find the answer to my problem but have noticed a ton of logon
> failures being generated. This must be having some impact on the performance
> of our machine - not to mention I cannot understand why I am getting all of
> these - some I can understand but others I cannot.
>
> For example, at 6:12 am today, there are 12 event log # 676 all logged for
> the exact same user and same machine. The error desc was an "Authentication
> ticket request failed". If I scroll down the log a bit further, I will find
> yet another 12 entries for the same machine and user - exact same error. I
> see this for a few different users. I know they are not here because it is
> the middle of the night. Clearly, something else must be trying to use their
> credentials for something???
>
> Here is an example of the message description for the 676 error I am
> seeing...
>
> Authentication Ticket Request Failed:
>     User Name: <user or computer name>
>     Supplied Realm Name: <domain name>
>     Service Name: krbtgt/<domain name>
>     Ticket Options: <options>
>     Failure Code: <hex failure code>
>     Client Address: <ip address>
>
> One of the failure codes I am seeing is a 0x12 - which has to do with the
> time restrictions. Since these are happening in the middle of the night when
> no one would be logging on, what else is trying to log on????
>
> Any help in troubleshooting this would be appreciated!!
>
> Thanks,
>
> Brad
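Added example (not part of the original thread): a Python script that answers the "is it just for one machine?" question by grouping event 676 descriptions, in the field layout quoted above, by client address, user and failure code. The sample events, addresses, `Ticket Options` value and the `min_users` threshold are constructed assumptions; the failure-code meanings follow RFC 4120.

```python
import re
from collections import Counter

# Kerberos error codes (RFC 4120) with their usual meaning on a Windows KDC.
KRB_CODES = {
    0x06: "client principal unknown (no such account)",
    0x12: "client revoked (disabled, locked out, expired or outside logon hours)",
    0x17: "password expired",
    0x18: "pre-authentication failed (usually a bad password)",
    0x25: "clock skew too great",
}
FIELD = re.compile(r"^\s*(User Name|Failure Code|Client Address):\s*(\S+)", re.M)

def parse_676(text):
    """Return one dict per 'Authentication Ticket Request Failed' description."""
    events = []
    for chunk in text.split("Authentication Ticket Request Failed:")[1:]:
        f = dict(FIELD.findall(chunk))
        if len(f) == 3:  # skip truncated entries
            f["Failure Code"] = int(f["Failure Code"], 16)
            events.append(f)
    return events

def summarize(events):
    """Count failures per (client address, user, failure code)."""
    return Counter((e["Client Address"], e["User Name"], e["Failure Code"]) for e in events)

def multi_user_sources(events, min_users=3):
    """Addresses failing for many distinct users: the dictionary-attack pattern."""
    seen = {}
    for e in events:
        seen.setdefault(e["Client Address"], set()).add(e["User Name"])
    return sorted(a for a, users in seen.items() if len(users) >= min_users)

def _event(user, code, addr):  # builds one constructed sample entry
    return ("Authentication Ticket Request Failed:\n"
            f"  User Name: {user}\n  Supplied Realm Name: EXAMPLE\n"
            "  Service Name: krbtgt/EXAMPLE\n  Ticket Options: 0x0\n"
            f"  Failure Code: {code}\n  Client Address: {addr}\n")

# Constructed sample: 12 repeats from one workstation, plus one address trying 4 users.
SAMPLE = "".join([_event("jsmith", "0x12", "192.0.2.10")] * 12 +
                 [_event(u, "0x18", "192.0.2.99") for u in ("admin", "jsmith", "guest", "backup")])

if __name__ == "__main__":
    events = parse_676(SAMPLE)
    for (addr, user, code), n in summarize(events).most_common():
        print(f"{n:3d}  {addr:<12} {user:<8} {code:#04x}  {KRB_CODES.get(code, 'other')}")
    print("multi-user sources:", multi_user_sources(events))
```

Many repeats from one address for one user with 0x12 point at something on that machine retrying stored credentials, while one address failing across many users matches the dictionary-attack pattern raised in the reply.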