Re: EVent ID 529- Need some interpretation

If you know who it is then you should speak with their supervisor. If you
don't know who it is and there is only an attempt or two then I don't think
there is anything to worry about. Make sure though that you have a good
password policy including password changes occur frequently.

--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"Orvs" <Orvs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C09BD15D-F15A-4A65-9D7B-8C06577C7326@xxxxxxxxxxxxxxxx
Thanks! Paul..

But the question user trying to login is from the outside the domain and
not
on my local domain.

Thanks

"Paul Bergson [MVP-DS]" wrote:

You got a logon attempt that was unsuccessful. One isn't a problem, if
you
start to see hundreds and you don't have a policy to lock out an account
after so many tries then that would be a problem.

Check the gpo default domain gpo lockout policy and see what you have set
for:
Account Lockout Duration
Account Lockout Threshhold
Reset account lockout counter after


--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no
rights.

"Orvs" <Orvs@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8FA15519-E4AB-414A-BB08-7578CD34DBED@xxxxxxxxxxxxxxxx
I 'm reviewing some security logs in my child domain and I saw couple of
login failures from other child domain.

Logon Failure :
Reason Unknown user name or bad password
Logon type :3
Logon Process NTLmSsp
Authentication package:NTLM

Is this a security threat?? Appreciate if someone can interpret this
for
me..

Thank you







.

Relevant Pages

  • RE: Event ID 537 and Kerberos
    ... a logon type of 3 translates to Network. ... Click Services tab and select Hide All Microsoft Services and Disable ... Step 4: Configure account lockout policy. ... and then click Account Lockout Policy. ...
    (microsoft.public.windows.server.sbs)
  • Re: Newbie needs more help.. almost hacked, 3 simple questions
    ... Thank you, I am looking into the policy now, I belive I have done that and it ... the link inside the security alert and it brought up a refrence to support on ... Account lockout threshold 50 invalid logon attempts ...
    (microsoft.public.windows.server.sbs)
  • RE: Limit number of Logon attempts
    ... I understand that you want to adjust the logon attempts through Group ... we have an Account Lockout policy ...
    (microsoft.public.windows.server.sbs)
  • Re: EVent ID 529- Need some interpretation
    ... You got a logon attempt that was unsuccessful. ... Check the gpo default domain gpo lockout policy and see what you have set ... Account Lockout Threshhold ... login failures from other child domain. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Newbie needs more help.. almost hacked, 3 simple questions
    ... but the port was still open. ... Adjust the SBS Lockout policy ... Account lockout threshold 50 invalid logon attempts ... The port was open and I just tested that condition again, and was unable to make a logon appear or try to logon to the server it just returns a page can't be displayed arroe in IE and no connection state in cute FTP. ...
    (microsoft.public.windows.server.sbs)