Re: Update Post Regarding Logon events after Trend 3.5 Upgrade

Mind if I blog this?

Jeff Teel wrote:
I contacted Trend about the Logon events that started after upgrading from Trend 3.0 to 3.5 and here is their suggestion.

-------------------------------------------------------
Trend Response:
Question/concerns/Inquiry: getting Event ID:529

Solutions/Suggestions:

1. Open the C:\Program Files\Trend Micro\Security Server\PCCSRV\Admin\Utility\TMVS folder.

2. Double-click TMVS.exe and click Settings.

3. Under the Product Query section, clear all the marked check boxes except for the OfficeScan Corporate Edition/Security Server check box.

4. Click OK.

Please feel free to ask for further clarifications on this matter. We would gladly continue to assist you.

However, if the issue is successfully resolved and if you have no other concerns that you would like us to help you with, please reply to this e-mail at the soonest so that we can close the case.

We are looking forward to your reply and hope that we may continue to rely on your appreciated patronage.

------------------------------------------------------

I'm not sure why but the file TMVS.exe was not located in the same place on my server as where Trend said to look. I did not have a folder named Security Server on my server but the file TMVS.exe was available so I was still able to perform the suggestion. It appears to have solved the event errors in the Windows Event Log.

Thanks
Jeff

-----------------------------------------------------
Original Post

After doing an upgrade from CSM 3.0 to CSM 3.5 I've been seeing Logon
failures. What is Trend attempting to access using the .notaccount username
that would cause these?

Thanks
Jeff

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 3/8/2007
Time: 9:22:49 PM
User: NT AUTHORITY\SYSTEM
Computer: SBS
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: .notaccount.
Domain: network
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: SBS
Caller User Name: SBS$
Caller Domain: network
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 3024
Transited Services: -
Source Network Address: -
Source Port: -


.

Relevant Pages

  • Re: ISA SERVER NOT STARTING
    ... I delete the nat/basic firewall and stop and started the RRAS an tried to ... There were no critical events in the DNS Server Log in the last 24 hours. ... An error occurred during logon ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Event ID 529
    ... First is a hardware firewall that sits on the perimeter of your network and requires that your users give user names and passwords, different from those for the network. ... Sometimes the Logon Type is different, also the User Name can be ... Computer: <SERVER NAME> ... Caller User Name: $ ...
    (microsoft.public.windows.server.sbs)
  • Re: Another security question/issue.
    ... Time to audit your server and workstations with AV, Malware, and installed ... Logon Process: Advapi ... Caller User Name: servername$ ... Source Port: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Logon 529 Errors
    ... connection has been found on the black list, my DNS server ... Connection filtering is different from what inna is attempting, ... These are almost surely SMTP logon attempts, ... Caller User Name: DELLSERVER$ ...
    (microsoft.public.windows.server.sbs)
  • Re: Logon 529 Errors
    ... Default SMTP Virtual Server properties-Access tab-Relay ... Connection filtering is different from what inna is attempting, ... These are almost surely SMTP logon attempts, ... Caller User Name: DELLSERVER$ ...
    (microsoft.public.windows.server.sbs)