Re: Help needed with 'Critical Errors in Security Log'



Thanks.
What happened was that I changed the administrator account password on
the wsbs03 server. Something is still trying to use the old password.
Any ideas how I can figure out which program is trying to do this so
that I can change the password it's trying to use? I checked Trend Micro
and Retrospect and others but they are now all using the new
password.
Any more help would be appreciated.



Robert L [MVP - Networking] wrote:
Logon Type 3 is a network logon issue - network mapping (net use/net view). Logon Type 5 is a service logon issue - a service uses an account. These search results may help:

Event ID 529
Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff ... Domain: client computer name Logon Type: 3 Logon Process: KSecDD ...
http://www.chicagotech.net/troubleshooting/event529a.htm


Logon Failure: Account locked out
Note: The Logon Types are: Type 2 : Console logon - interactive from the ... Type 8: NetworkCleartext - Logon with credentials sent in the clear text, ...
http://www.chicagotech.net/troubleshooting/event539.htm


Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com
"David" <davidmccaldin@xxxxxxxxx> wrote in message news:1167766792.191270.261310@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Windows small business server
Critical Errors in Security Log

Hi does anyone know how to fix these errors:


Source    Event ID  Last Occurrence   Total Occurrences
Security  529       1/2/2007 3:36 AM  797 *

Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: barsanadham.lan
Logon Type: 5
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: JKPBD02
Caller User Name: administrator
Caller Domain: BARSANADHAM
Caller Logon ID: (0x0,0x11EC99B2)
Caller Process ID: 6908
Transited Services: -
Source Network Address: -
Source Port: -



Source    Event ID  Last Occurrence    Total Occurrences
Security  537       1/1/2007 10:21 AM  1

Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC0000133
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.84
Source Port: 0


Thanks
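
Added example, not part of the original thread: one way to turn failure descriptions like the two quoted above into a short list of places to look, using the logon type meanings given in the reply (3 = network, 5 = service). The function names are hypothetical, and the sample text is constructed by abridging the two events from the post to the fields the code uses.

```python
import re
from collections import Counter
# Logon type meanings as listed in the reply quoted in this thread.
LOGON_TYPES = {2: "console", 3: "network", 5: "service", 8: "network-cleartext"}

# Constructed sample: the two failures from the post, abridged to the fields used here.
SAMPLE = """\
Logon Failure:
User Name: administrator
Logon Type: 5
Workstation Name: JKPBD02
Caller Process ID: 6908
Source Network Address: -

Logon Failure:
User Name:
Logon Type: 3
Source Network Address: 192.168.0.84
"""

def parse_events(text):
    """Return one {field: value} dict per 'Logon Failure:' block; '-' or empty becomes None."""
    events = []
    for block in re.split(r"(?m)^[ \t]*Logon Failure:[ \t]*$", text)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = None if value.strip() in ("", "-") else value.strip()
        events.append(fields)
    return events

def lead(ev):
    """Return (logon type, where to look) for one failed logon."""
    kind = LOGON_TYPES.get(int(ev.get("Logon Type") or 0), "other")
    where = "logon at %s" % ev.get("Workstation Name")
    if kind == "service":
        where = "services on %s that log on as %s (caller PID %s)" % (
            ev.get("Workstation Name"), ev.get("User Name"), ev.get("Caller Process ID"))
    elif kind.startswith("network"):
        where = "network connections (net use/net view) from %s" % ev.get("Source Network Address")
    return kind, where

def summarize(text):
    """Count failures per distinct lead, so hundreds of repeats collapse into one line."""
    return Counter(lead(ev) for ev in parse_events(text))

for (kind, where), count in summarize(SAMPLE).most_common():
    print("%4d  %-8s %s" % (count, kind, where))
```

Run against the full log text, the highest-count line shows which machine, account and caller process ID to check first for a stored copy of the old password.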
