Server Performance Report Question
- From: Richard K <RichardK@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 9 Nov 2007 15:16:02 -0800
I am getting daily Server Performance Reports from my SBS 2003 server. In
that report there are "Critical Errors in Security Log" where there are logon
failures. There are 2 strange things I see and I'd like to further
understand.
1. I have a user, called jsmith, who has a failure for "Unknown user name
or bad password". jsmith is a user on the SBS network but in the Total
Occurences field I see 2,284 as the count. 2,284... that's alot of
occurances for failure so it makes no sense
2. I have a user, called mjane, who has a the same failure BUT this user is
not a user on the SBS network and I suspect is an attack from the internet
since the SBS server is hooked directly to the DSL without router so all
ports are open. Now this one scares me more.
What is going on here and more importantly where can I go to further
understand this type of messages including the other specs such as logon
type, process, workstation and user name etc. that are part of the error? Is
there also a way I can query into the log to see other such occurences? Is
this the event viewer log or is there information in the SQLMonitoring
database as well?
Thanks!
-Richard K
.
- Follow-Ups:
- Re: Server Performance Report Question
- From: Claus
- Re: Server Performance Report Question
- Prev by Date: Re: WSUS 3 upgrade
- Next by Date: Move Mailbox store database
- Previous by thread: Re: copy files smb to standard
- Next by thread: Re: Server Performance Report Question
- Index(es):
Relevant Pages
|
