Re: Security Event 529 is logged for a local user account

Just in case, I have seen these events on two occasions:

1. When Sophos Small Business Suite is used
2. When Windows XP Home are on the network and have network drives defined
that (obviously) require a username/password

Xavier

"Maxibo" <totallyanon@xxxxxxxxx> wrote in message
news:ucs5ET6cGHA.2456@xxxxxxxxxxxxxxxxxxxxxxx
Hi Attika

I am trying to get to the bottom of this as seeing this at every client
site... Haven't had that many in one hit but we have found this happens
when some pcs do not have the right time with the server, could this be
the issue with your rogue pc?

However, even correcting time issues that particular pc doesn't generate
the error but another does...LOL

It is always the Logon Type 3 NtLmsp / NTLM and happens infrequently to
monitor but regular to the annoying stage.


"Attika" <acsokai_n0spam@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:uOKo8u5cGHA.536@xxxxxxxxxxxxxxxxxxxxxxx
The other day, the daily report indicated that there were 358 failed
login attempts from a user's computer in one day. Researching the issue I
found that there is a KB811082 that talkes about this issue. See link:
http://support.microsoft.com/default.aspx?scid=kb;en-us;811082
Workaround One is to apply SP2 for XP, which the machine already has, and
to apply a hotfix to Server 2003 (and SBS 2003 I would think). Now, since
this KB was released in October 2005, I thought this may have been in
incorporated into an official update. Howver the server is also up to
date with all security updates for all its components.

BTW, here is the event log:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Joe Smith
Domain: STATION5
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: STATION5
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.16.106
Source Port: 0





.

Relevant Pages

  • Re: Security Event 529 is logged for a local user account
    ... It is always the Logon Type 3 NtLmsp / NTLM and happens infrequently to ... Logon Process: NtLmSsp ... Caller User Name: - ... Source Network Address: 192.168.16.106 ...
    (microsoft.public.windows.server.sbs)
  • Re: Security Event 529 is logged for a local user account
    ... When Windows XP Home are on the network and have network drives defined ... It is always the Logon Type 3 NtLmsp / NTLM and happens infrequently to ... Caller User Name: - ... Source Network Address: 192.168.16.106 ...
    (microsoft.public.windows.server.sbs)
  • Re: Help needed with Critical Errors in Security Log
    ... but you can look for the Caller Process ID. ... Logon Type 5 is Service logon issue- service uses an account. ... How to Setup Windows, Network, VPN & Remote Access on ...
    (microsoft.public.windows.server.sbs)
  • Re: Win95 to Server2003
    ... In my eventvwr on the server I see: Successful network logon: Username: ... authentication package: NTLM, workstation name: \\TEST, source network ... Username: userguy, domain: fallacy, logon type: 3. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Win95 to Server2003
    ... I might be able to swallow WIN98 in today's world, ... In my eventvwr on the server I see: Successful network logon: Username: ... authentication package: NTLM, workstation name: \\TEST, source network ... Username: userguy, domain: fallacy, logon type: 3. ...
    (microsoft.public.windows.server.active_directory)