RE: Event ID 529
- From: thejamie <thejamie@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Jul 2006 13:37:02 -0700
ISA is part of the Premium install. I was asking only because it generally
represents a good security practice whether novice or not. The likelihood
is that you already have a good security solution in place. I hate ISA
because it shuts down everything I want except VPN. The VPN still works
nicely though. I think perhaps this is for the better because what I
understand about security fits in a thimble.
--
Regards,
Jamie
"Scott" wrote:
No ISA here..
We're just a small humble office. I installed SBS2003 mainly for the
exchange feature and remote access capability. Perhaps a bit of overkill, but
the install was easy, it seems to be runnning smoothly and I don't have
enough time ear-marked as the designated IT person :-)
"thejamie" wrote:
Here is what it looks like locally: (I reinstalled the server about 4 days
ago after a problem that resulted from installing SQL Server 2005 or I would
give you an offsite copy as well.) I don't believe it is cause for concern.
Still, it doesn't hurt to be concerned. Are you running ISA?
Logon Failure:
Reason: Unknown user name or bad password
User Name: MYLOGONNAME
Domain: MYDOMAIN
Logon Type: 3
Logon Process: IAS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name:
Caller User Name: MYSVRNAME$
Caller Domain: MYDOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 996
Transited Services: -
Source Network Address: -
Source Port: -
--
Regards,
Jamie
"Scott" wrote:
Thanks Jamie, I'll try that at home tonight to see what happens.
Yet I'm still a bit confused. We're a 4 person office. No one here would
have the means to attempt a log in from an odd domain name outside the
network. Was this an attempted security breach?
"thejamie" wrote:
You get one of these for each time a user incorrectly types in their pasword
or at least if they do this over a VPN (I am not using it internally - mostly
via VPN). Try it. Go someplace outside of your network, login but use the
wrong password. The system will record and report your attempt.
--
Regards,
Jamie
"Scott" wrote:
Received the following error message. We're a small office so I know this was
not generated internally. I have no idea who the user and domain are. Can
someone please explain what happened here?
Logon Failure:
Reason: Unknown user name or bad password
User Name: LEHNT02$
Domain: LEOHK
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: LEHNT02
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -
- References:
- RE: Event ID 529
- From: thejamie
- RE: Event ID 529
- From: Scott
- RE: Event ID 529
- Prev by Date: Re: GPO - Exchange default email
- Next by Date: Re: SQL SERVER EXPRESS authentication greyed out
- Previous by thread: RE: Event ID 529
- Next by thread: Re: GPO - Exchange default email
- Index(es):
Relevant Pages
|
