Re: Thousands of security failure events created by inetinfo.exe
- From: "Claus" <cjobes@xxxxxxxxxxxxx>
- Date: Mon, 13 Aug 2007 20:21:05 -0400
This is originating from the IIS. Do you have exposed your webserver and
NTLM authentication enabled?
--
Claus
"12gauge" <12gauge@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C93899F6-0163-4C01-A7DD-56239FBBE312@xxxxxxxxxxxxxxxx
Hello all,
When I check my SBS 2003 Server Performance Report, it says I have over
9,000 critical errors in the event log. When I check the Security log, I
get
thousands of the following error:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 8/13/2007
Time: 9:52:53 AM
User: NT AUTHORITY\SYSTEM
Computer: ALPHA
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Administrator
Domain: TECHDYNAMICS
Logon Type: 8
Logon Process: IIS
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: ALPHA
Caller User Name: ALPHA$
Caller Domain: TECHDYNAMICS
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5820
Transited Services: -
Source Network Address: -
Source Port: -
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
When I look at Process ID 5820 in Task Manager, it is listed as
inetinfo.exe. Another important thing to note is that the events are
occurring at 9pm and 9am every day for about 52 minutes, then they quit
until
the next 9pm or 9am. Also, when I look at the IIS Admin service, it is set
to
logon as the local system account.
Any ideas?
Thanks,
Steve
.
- Prev by Date: Re: SBS 2003 Backup failing
- Next by Date: Northeast Atlanta user group meeting Thursday August 16, 6:30 pm
- Previous by thread: Re: Thousands of security failure events created by inetinfo.exe
- Next by thread: SBS 2003 Premium wont update to SP2
- Index(es):
Relevant Pages
|
