Re: Help needed with 'Critical Errors in Security Log'
- From: "Merv Porter [SBS-MVP]" <mwport@xxxxxxxxxxxxxxxxxxx>
- Date: Sat, 6 Jan 2007 20:01:46 -0500
Not sure, but you can look for the Caller Process ID (6908). I beleive this
would be the process that made the attempt to log into the Win2K3 server.
Process Explorer for Windows v10.21
http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx
While you can do this by setting up Windows Task Manager to display the PID
on the SBS server, the utility above is easier and quicker to use.
--
Merv Porter [SBS-MVP]
============================
"David" <davidmccaldin@xxxxxxxxx> wrote in message
news:1168129070.619132.32730@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Thanks.
What happened was that i changed the administrators account password on
the wsbs03 server. Something is still trying to use the old password.
Any ideas how i can figure out which program is trying to do this so
that i can change the password its trying to use. I checked trendmicro
and reretrospect and others but they are now all using the new
password.
Any more help would be appreciated.
Robert L [MVP - Networking] wrote:
Logon Type 3 is network logon issue - network mapping (net use/net view).
Logon Type 5 is Service logon issue- service uses an account. These
search result may help,
Event ID 529
Event Type: Failure Audit Event Source: Security Event Category:
Logon/Logoff ... Domain: client computer name Logon Type: 3 Logon
Process: KSecDD ...
http://www.chicagotech.net/troubleshooting/event529a.htm
Logon Failure: Account locked out
Note: The Logon Types are: Type 2 : Console logon - interactive
from the ... Type 8: NetworkCleartext - Logon with credentials sent in
the clear text, ...
http://www.chicagotech.net/troubleshooting/event539.htm
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com
"David" <davidmccaldin@xxxxxxxxx> wrote in message
news:1167766792.191270.261310@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Windows small business server
Critical Errors in Security Log
Hi does anyone know how to fix these errors:
Source Event ID Last Occurrence Total Occurrences Security 529
1/2/2007 3:36 AM 797 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: barsanadham.lan
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: JKPBD02
Caller User Name: administrator
Caller Domain: BARSANADHAM
Caller Logon ID: (0x0,0x11EC99B2)
Caller Process ID: 6908
Transited Services: -
Source Network Address: -
Source Port: -
Source Event ID Last Occurrence Total Occurrences Security 537
1/1/2007 10:21 AM 1
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC0000133
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.84
Source Port: 0
------=_NextPart_000_00C2_01C72E8F.E83B2620
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
X-Google-AttachSize: 4309
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3020" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Verdana>Logon Type 3 is network logon issue -
network
mapping (net use/net view). Logon Type 5 is Service logon issue-
service
uses an account. These search result may help,</FONT></DIV>
<DIV><FONT face=Verdana></FONT> </DIV>
<DIV>
<DIV class=g>
<H2 class=r><A class=l onmousedown="return
clk(this.href,'','','cres','2','')"
href="http://www.chicagotech.net/troubleshooting/event529a.htm";><FONT
color=#663399 size=3>Event ID 529</FONT></A></H2>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD class=j>
<DIV>Event <B>Type</B>: Failure Audit Event Source: Security Event
Category: <B>Logon</B>/Logoff <B>...</B> Domain: client computer
name
<B>Logon Type</B>: 3 <B>Logon</B> Process: KSecDD
<B>...</B><BR><SPAN
class=a><FONT color=#008000><A
href="http://www.chicagotech.net/troubleshooting/event529a.htm";>http://www.chicagotech.net/troubleshooting/event529a.htm</A>
</FONT></SPAN></DIV>
<DIV><SPAN
class=a></SPAN> </DIV></TD></TR></TBODY></TABLE></DIV>
<DIV class=g><A class=l onmousedown="return
clk(this.href,'','','cres','4','')"
href="http://www.chicagotech.net/troubleshooting/event539.htm";><FONT
color=#663399><FONT size=3><B>Logon</B> Failure: Account locked
out</FONT></FONT></A></DIV>
<DIV class=g>
<TABLE cellSpacing=0 cellPadding=0 border=0>
<TBODY>
<TR>
<TD class=j>Note: The <B>Logon Types</B> are: <B>Type</B> 2 : Console
<B>logon</B> - interactive from the <B>...</B> <B>Type</B> 8:
NetworkCleartext - <B>Logon</B> with credentials sent in the clear
text,
<B>...</B><BR><SPAN class=a><FONT color=#008000><A
href="http://www.chicagotech.net/troubleshooting/event539.htm";>http://www.chicagotech.net/troubleshooting/event539.htm</A></FONT></SPAN></TD></TR></TBODY></TABLE></DIV></DIV>
<DIV><BR>Bob Lin, MS-MVP, MCSE & CNE<BR>Networking, Internet,
Routing, VPN
Troubleshooting on <A
href="http://www.ChicagoTech.net";>http://www.ChicagoTech.net</A> <BR>How
to
Setup Windows, Network, VPN & Remote Access on <A
href="http://www.HowToNetworking.com";>http://www.HowToNetworking.com</A>
</DIV>
<BLOCKQUOTE
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px;
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"David" <<A
href="mailto:davidmccaldin@xxxxxxxxx";>davidmccaldin@xxxxxxxxx</A>>
wrote in
message <A
href="news:1167766792.191270.261310@xxxxxxxxxxxxxxxxxxxxxxxxxxx";>news:1167766792.191270.261310@xxxxxxxxxxxxxxxxxxxxxxxxxxx</A>...</DIV>Windows
small business server<BR>Critical Errors in Security Log<BR><BR>Hi does
anyone
know how to fix these errors:<BR><BR><BR>Source Event ID Last
Occurrence Total
Occurrences Security 529<BR>1/2/2007 3:36 AM 797 *<BR><BR>Logon
Failure:<BR>Reason: Unknown user name or bad password<BR>User Name:
administrator<BR>Domain: barsanadham.lan<BR>Logon Type: 5<BR>Logon
Process:
Advapi<BR>Authentication Package: Negotiate<BR>Workstation Name:
JKPBD02<BR>Caller User Name: administrator<BR>Caller Domain:
BARSANADHAM<BR>Caller Logon ID: (0x0,0x11EC99B2)<BR>Caller Process ID:
6908<BR>Transited Services: -<BR>Source Network Address: -<BR>Source
Port:
-<BR><BR><BR><BR>Source Event ID Last Occurrence Total
Occurrences
Security 537<BR>1/1/2007 10:21 AM 1<BR><BR>Logon Failure:<BR>Reason: An
error
occurred during logon<BR>User Name:<BR>Domain:<BR>Logon Type:
3<BR>Logon
Process: Kerberos<BR>Authentication Package: Kerberos<BR>Workstation
Name:
-<BR>Status code: 0xC000006D<BR>Substatus code: 0xC0000133<BR>Caller
User
Name: -<BR>Caller Domain: -<BR>Caller Logon ID: -<BR>Caller Process ID:
-<BR>Transited Services: -<BR>Source Network Address: 192.168.0.84
<BR>Source Port: 0<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_00C2_01C72E8F.E83B2620--
Thansk
.
- References:
- Prev by Date: Re: Unable to join client to domain
- Next by Date: Re: Installing SBS 2003 R2 on a Desktop running XP Pro
- Previous by thread: Re: Help needed with 'Critical Errors in Security Log'
- Next by thread: security group as distrubution group member
- Index(es):
Relevant Pages
|
