Security event id 537

We're running SBS 2003 R2. We have about 7,000 of these failure audits
in our Security Log. Any ideas?

Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Èù¿?Wd
Authentication Package: NTLM
Workstation Name:
Status code: 0x80090308
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -

Each one of them is the same, but the Logon Process changes.

Thanks for any help you can offer.
.

Relevant Pages

  • Re: Failure Audits 529 & 680: How to track the IP address?
    ... I get Failure Audits from users out in ... >> - Logon failure auditing is enabled. ... >> despite the fact that the machine is using a local account. ... >> Security Event 529 Is Logged for Local User Accounts ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Failure Audits 529 & 680: How to track the IP address?
    ... I get Failure Audits from users out in the ... > - Logon failure auditing is enabled. ... > despite the fact that the machine is using a local account. ... > Security Event 529 Is Logged for Local User Accounts ...
    (microsoft.public.windowsxp.security_admin)
  • unknown failure audits with logon process advapi
    ... I get many of the following failure audits in the security logs: ... Logon Failure: ... I am not sure if this is a virus? ...
    (microsoft.public.win2000.security)
  • event ID 529
    ... I'm getting 529 failure audits in my security log from ... I recently activated DHCP on my Windows 2000 domain ...
    (microsoft.public.win2000.security)
  • Re: XP access administrative share
    ... david carvalho wrote: ... I installed a xp pro, ... But when I try to connect to a regular xp workstation, ... " logon failure: the user has not been granted the requested logon ...
    (microsoft.public.windowsxp.security_admin)
Quantcast