Re: Security failures

From: Mark-Allen (mark-allen_at_mvps_dot_org)
Date: 07/26/04

• Next message: Mark-Allen: "Re: logged in as Admin, can't install"
• Previous message: Mark-Allen: "Re: Sharing Violation"
• In reply to: Chris S Patterson: "Security failures"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 26 Jul 2004 22:30:19 +0200

I get these when a user or process on a system somewhere in the domain has tried to connect to my system. Most times it is a rouge process trying to update scripts or programs, etc.

Normally, I send a copy of the text to the security people who contact the person at the noted workstation and tell them not to run scripts or programs which check every machine on every domain in the world.

Check with your security people on what to do.

-- 
Mark-Allen Perry
ALPHA Systems, Switzerland
mark-allen AT mvps DOT org
  "Chris S Patterson" <None@noen.com> wrote in message news:ujFAMBccEHA.3904@TK2MSFTNGP12.phx.gbl...
  I have been geeting the fallowing errors often in my security log. The first
  dealing with Kerberos and the second concern me the most. I am running
  certificates
  Event Type: Failure Audit
  Event Source: Security
  Event Category: Logon/Logoff
  Event ID: 537
  Date:  7/22/2004
  Time:  6:05:08 PM
  User:  NT AUTHORITY\SYSTEM
  Computer: CONAN
  Description:
  Logon Failure:
    Reason:  An unexpected error occurred during logon
    User Name:
    Domain:
    Logon Type: 3
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Workstation Name: -
  Event Type: Failure Audit
  Event Source: Security
  Event Category: Account Logon
  Event ID: 677
  Date:  7/23/2004
  Time:  5:38:36 PM
  User:  NT AUTHORITY\SYSTEM
  Computer: Server
  Description:
  Service Ticket Request Failed:
    User Name: Server$
    User Domain: WHITFIELDOIL.COM
    Service Name: krbtgt/WHITFIELDOIL.COM
    Ticket Options: 0x2
    Failure Code: 0x20
    Client Address: 127.0.0.1
  Event Type: Failure Audit
  Event Source: Security
  Event Category: Logon/Logoff
  Event ID: 529
  Date:  7/24/2004
  Time:  1:16:37 AM
  User:  NT AUTHORITY\SYSTEM
  Computer: Server
  Description:
  Logon Failure:
    Reason:  Unknown user name or bad password
    User Name: administrator
    Domain:  Server
    Logon Type: 2
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: Server

• Next message: Mark-Allen: "Re: logged in as Admin, can't install"
• Previous message: Mark-Allen: "Re: Sharing Violation"
• In reply to: Chris S Patterson: "Security failures"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Rogue Workstation? ... I noticed the following entries in the Security log of one of my Windows ... Event Type: Failure Audit ... The logon to account: Administrator ... (microsoft.public.windows.server.active_directory) Re: Help - RPC over http credential issue ... I am showing the following errors in my DC event security log: ... Event Type: Failure Audit ... Logon Failure: ... (microsoft.public.exchange.setup) Re: Internet Explorer and Outlook Express problems after standby mode ... > Event Type: Failure Audit ... > Event Source: Security ... > Event Category: Account Logon ... (microsoft.public.windowsxp.perform_maintain) change administrator password ... the Security Event Viewer. ... Is there a procedure to follow when changing the administrator password, ... Event Type: Failure Audit ... Logon Failure: ... (microsoft.public.win2000.security) Re: Cant delegate/share to a group ... Try changing the Distribution group to a security group. ... The client operation failed". ... > Event Type: Success Audit ... > Successful Network Logon: ... (microsoft.public.exchange2000.general)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint