Re: Security event id 537

On Sep 5, 5:26 am, IanB <I...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have this exact same issue, and it could be since upgrading Trend CSM to
the WF version.

Could there be a link?

IanB



"SteveC" wrote:
On Sep 4, 12:09 pm, "Cliff Galiher" <cgali...@xxxxxxxxx> wrote:
Is everything else *really* blank?  Or did you 'edit' it for security?

Specifically domain, username, workstation, and source IP?

If you did edit the output, do all of the fields contain the same values
every time?

-Cliff

<scash...@xxxxxxxxxxxxxxxxxx> wrote in message

news:b7e8ef1b-5647-41f3-8fd2-dfe8fee236ac@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

We're running SBS 2003 R2. We have about 7,000 of these failure audits
in our Security Log. Any ideas?

Logon Failure:
 Reason: An error occurred during logon
 User Name:
 Domain:
 Logon Type: 3
 Logon Process: Èù¿  Wd
 Authentication Package: NTLM
 Workstation Name:
 Status code: 0x80090308
 Substatus code: 0x0
 Caller User Name: -
 Caller Domain: -
 Caller Logon ID: -
 Caller Process ID: -
 Transited Services: -
 Source Network Address: -
 Source Port: -

Each one of them is the same, but the Logon Process changes.

Thanks for any help you can offer.- Hide quoted text -

- Show quoted text -

Cliff,

Yes, everything else is blank. That is a direct copy of the event log.
Everything stays the same for each event (7000 right now), but the
"Logon Process" changes to something similar, but unreadable (at least
to me).

Steve- Hide quoted text -

- Show quoted text -

IanB,

We have Trend Micro Worry Free Security running. We didn't upgrade,
but installed WF from scratch. I searched Trend Micro's site and
didn't see anything. I saw a thread about making sure that Proxy
Server was selected and user names/passwords were entered in WF and I
did that. I haven't seen a change, but I don't know if it would
require a reboot. I can't restart the server until this weekend.

Steve
.

Relevant Pages

  • Re: Tracking unauthorized access to my computer
    ... Remote Desktop. ... The user name, logon type, and time can give you an idea who is ... Also look at your own logon events for your user account ... I would also increase the size of the security log to like ...
    (microsoft.public.security)
  • Re: The very strange problem about Win XP and Win 2K server
    ... You need to have auditing of account logon and /or logon events for success ... and failure enabled before you will see anything in the security log of the ... server which you can do in Local Security Policy. ...
    (microsoft.public.win2000.security)
  • RE: security logon failures
    ... We are a small company with only one server and the ... The security log on the event ... Firstly, I want to explain that, If audit logon is enabled on SBS server, ... will be generated in security log. ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 529 occuring 2500 times every day
    ... I am receiving this error message in my security log about 2500 ... Logon Failure: ... User Name: HSSSERVER$ ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Event 529 occuring 2500 times every day
    ... I am receiving this error message in my security log about 2500 ... Logon Failure: ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
Loading