Re: Thousands of 537 Events in Security Log

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I managed to get the Messaging Security Agent to install by not installing
it at the same time as the Security Server components. I used TM KB 1037599
to install it from the WFBS 5.0 Console.

I have configured proxy settings for both Update and Tracking and Web
Reputation and Behaviour Monitoring.

Looking OK so far...

"Bill Glidden" <billyg1943@xxxxxxxxxxx> wrote in message
news:uQ%23u6cdIJHA.2408@xxxxxxxxxxxxxxxxxxxxxxx
Jeff,

I am not running CSM for SMB 3.6, either :( Currently trying to reinstall
WF(!?)BS but the messaging agent fails to install.

Bill

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:O6xOXSdIJHA.5060@xxxxxxxxxxxxxxxxxxxxxxx
Bill

Did you say you were not using the ISA proxy on your configuration? If
you are the proxy still needs to be configured with CSM for SMB 3.6.

Jeff

"Bill Glidden" <billyg1943@xxxxxxxxxxx> wrote in message
news:%23zPlvAdIJHA.768@xxxxxxxxxxxxxxxxxxxxxxx
Lucky you, Jeff! I'm still getting the errors *after* uninstalling WFBS
:(

Cheers,
Bill

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:O0bQn3cIJHA.468@xxxxxxxxxxxxxxxxxxxxxxx
After about an hour of adjusting my Trend WFBS settings the 537 errors
have gone. My problem was that I had Web Reputation and Behavior
enabled but did NOT have the proxy authentication info entered. Not
sure how the username and password got removed because I remember
putting it in when I enabled Web Reputation and Behavior.
Anyway......the proxy information was the problem.. Thanks Jim for the
tip.

Jeff

"Jeff Teel" <jdteel@RMoveThis sugardog.com> wrote in message
news:eg5HfvcIJHA.456@xxxxxxxxxxxxxxxxxxxxxxx
I am getting the same 537 error but do have the proxy settings
configured as you suggested Bill. One difference, I was not using the
domain\username configuration but just had the username along with the
correct port and proxy name settings. The updates have been downloading
successfully so I'm not sure if that is the problem. I went ahead and
changed the setting to use the domain\username. I will see if the
errors go away. I also did not have the proxy information for Web
Reputation and Behavior setting. I've added that as well. I'll see if
that cleans the 537 events up any.

Jeff

"Jim G" <Jim @ home.net> wrote in message
news:ODeWEcZIJHA.1304@xxxxxxxxxxxxxxxxxxxxxxx
Select Preferences > Global settings > Proxy tab
Select "Use a proxy server..."
Enter address, port, user name (domain\username), and password
Hit Save

"Bill Glidden" <billyg1943@xxxxxxxxxxx> wrote in message
news:uUcexUWIJHA.2408@xxxxxxxxxxxxxxxxxxxxxxx
SBS 2003 SP1 Premium with ISA 2004

Started getting these in Security Log after upgrading Trend Micro
CSM 3.6 to WFBS 5.0:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 537
Date: 28/09/2008
Time: 10:07:48 PM
User: NT AUTHORITY\SYSTEM
Computer: GLIDDEN-SBS2K3
Description:
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Èù²
Authentication Package: NTLM
Workstation Name:
Status code: 0x80090308
Substatus code: 0x0
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: -
Source Port: -

All the 537 events are always as above except that the Logon Process
name varies (but always with extended characters). I have since
uninstalled WFBS 5.0 but am still getting the errors. Nothing else
has changed on this system AFAIK.

I have run SBS BPA and ISA BPA there are no significant issues with
either. Server appears to be running normally.

Would like some help tracking down the cause please.














.

Relevant Pages

  • RE: Event ID 529
    ... ISA is part of the Premium install. ... is that you already have a good security solution in place. ... Logon Failure: ... Caller User Name: MYSVRNAME$ ...
    (microsoft.public.windows.server.sbs)
  • Re: Thousands of 537 Events in Security Log
    ... I have configured proxy settings for both Update and Tracking and Web ... Did you say you were not using the ISA proxy on your configuration? ... Started getting these in Security Log after upgrading Trend Micro ... An error occurred during logon ...
    (microsoft.public.windows.server.sbs)
  • Re: local policy of this system does not permit you to logon interactively
    ... The link below may help, but requires network access, putting your hard ... or doing a paralell install. ... > security on my personal system through the ... > How can I override the logon or bypass it so I can correct ...
    (microsoft.public.win2000.security)
  • Re: Deny Software installation
    ... That's how it is done in XP and if you give out your admin logon, ... it is already turned off in the Guest account. ... Now that you've given up the security you can either change your login ... > Right now the "Guest" account can install software, ...
    (microsoft.public.windowsxp.basics)
  • Re: Deny Software installation
    ... That's how it is done in XP and if you give out your admin logon, ... it is already turned off in the Guest account. ... Now that you've given up the security you can either change your login ... > Right now the "Guest" account can install software, ...
    (microsoft.public.windowsxp.basics)