Re: Authentication failures

---

• From: "Mike Bannister" <mbannist@xxxxxxxxx (donotspam)>
• Date: Fri, 3 Feb 2006 12:32:30 -0800

---

The user account is not locked out. The user is able to logon to other
workstations in the domain. No the user has not recently changed password and
lastly the user never logs in on any other workstation so simultaneous
multiple client sessions can be ruled out also.
--
Mike Bannister


"AllenM" wrote:

When you checked was the user account locked out? Can they log onto another
machine? Has the user recently change their password? Perhaps they were
still logged in elswhere when they did?


"Mike Bannister" <mbannist@xxxxxxxxx (donotspam)> wrote in message
news:34730CED-376D-4DAD-98BA-EFAFEE538045@xxxxxxxxxxxxxxxx

I wish it were that obvious and easy. Of course I have checked the user
account. The user logs in every day. The bulk of the events are occuring
during off hours when the user is not present?


--
Mike Bannister


"Mike Bannister" wrote:

I am running SBS 2003 Sp1 with all XP pro clients. One of the clients has
suddenly started causing security event 529 as well as a netlogon failure
event 5722. I have tried deleting machine from domain and rejoining and
it
did not solve issueThe logs shows the following:

Source Event ID Last Occurrence Total
Occurrences
Security 529 2/3/2006 5:23 AM 26 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: JeanHinsley
Domain: BCCIPDC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: BCCIJHINSLEY
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.33
Source Port: 3391


Source Event ID Last Occurrence Total Occurrences
NETLOGON 5722 2/3/2006 4:25 AM 6 *

The session setup from the computer BCCIJHINSLEY failed to authenticate.
The
name(s) of the account(s) referenced in the security database is
BCCIJHINSLEY$. The following error occurred: Access is denied.

Thanks in advance for your help...

--
Mike Bannister

.

---

• Follow-Ups:
  • Re: Authentication failures
    • From: Gabriel C. Stan
  • Re: Authentication failures
    • From: AllenM

• References:
  • Re: Authentication failures
    • From: AllenM

• Prev by Date: Re: Data Execution Prevention shuts down Microsoft MDB Store
• Next by Date: Re: Backup fails - possible problem with exchange store?
• Previous by thread: Re: Authentication failures
• Next by thread: Re: Authentication failures
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Event ID 539 & 529 in large numbers - from what? ... Part of what I meant though, is that <username> could be the name of a user or the name of a machine, when a machine is connecting to the server to get group policies, for example. ... Both the username and the workstation name are legitimate user/workstation on the network. ... Logon Failure: ... Caller User Name: - ... (microsoft.public.windows.server.sbs) Event ID 539 & 529 in large numbers - from what? ... The only thing unique about this particular workstation ... Logon Failure: ... Logon Process: NtLmSsp ... Caller User Name: - ... (microsoft.public.windows.server.sbs) Re: Wrong domain in event log? ... The failed login was from the workstation called BCCIJHINSLEY at IP address ... Les Connor [SBS Community Member - SBS MVP] ... Logon Failure: ... Caller User Name: - ... (microsoft.public.windows.server.sbs) Re: Another Event 529 ... I am loging hundreds of NT AUTHORITY\SYSTEM Logon failures from my ... All workstation seem to be getting triggering ... same event with different Source Port #'s. ... Caller User Name: - ... (microsoft.public.windows.server.sbs) RE: Authentication failures ... "Mike Bannister" wrote: ... Logon Failure: ... Caller User Name: - ... The session setup from the computer BCCIJHINSLEY failed to authenticate. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(11)