Another Event 529
- From: "Terry M" <terrym@xxxxxxxxxxxxxxxxxx>
- Date: Thu, 27 Apr 2006 11:34:58 -0600
I have a fully patched SBS Prem box SP1 without ISA. I use Trend CSM, and we
using a Symantec Corporate Firewall.
I am loging hundreds of NT AUTHORITY\SYSTEM Logon failures from my
workstations like seen below.
They generally come in groups of four, for the same workstation with
different Source Ports. All workstation seem to be getting triggering the
same event with different Source Port #'s.
I recently did a hard drive upgrade and restored the Server from backup. I
did my SBS SP1 at that time.
Everything in the network seems to be working fine, my Trend AV scans did
not find anything. I have an issue with my XP laptop giving me a
"applnch.exe - Entry Point Not Found" but I did not think this was related.
Any ideas as to what is going on here?
Thanks
Terry Mc
****
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 4/25/2006
Time: 10:57:38 AM
User: NT AUTHORITY\SYSTEM
Computer: SBSServer
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name:
Domain: ADMIN1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ADMIN1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.16.38
Source Port: 4668
.
- Follow-Ups:
- Re: Another Event 529
- From: Maxibo
- Re: Another Event 529
- Prev by Date: Re: Inherited: 2 Sites - 1 Domain - 2 SBS's - intersite email?
- Next by Date: is it possible to customise the RWW pages??
- Previous by thread: Opening ports through 1 NIC + Firewall appliance, no ISA
- Next by thread: Re: Another Event 529
- Index(es):
Relevant Pages
|
