hyphenet

asked on

Service Control Manager generates Failure Audits

My server has been generating login failures for a while now.  Specifically it is a Failure Audit ID 531 "Account currently disabled."  The Administrator account is disabled by the way.  On further investigation I found that these errors happen at exactly the same time to the second that the Service Control Manager starts or stops any service.  The services run ok without issue so this has not been a big concern.  We are starting to keep track of all events for PCI compliance and it would be nice to clean this up.  Any ideas?

Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      531
Date:            9/18/2008
Time:            2:57:12 PM
User:            NT AUTHORITY\SYSTEM
Computer:      PSCSRV-01
Description:
Logon Failure:
       Reason:            Account currently disabled
       User Name:      
       Domain:            
       Logon Type:      3
       Logon Process:      Authz  
       Authentication Package:      Kerberos
       Workstation Name:      Server
       Caller User Name:      Server$
       Caller Domain:      mydomain
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1020
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -
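
The same-second correlation described in the question can be checked across the whole log, so that 531 audits with no matching Service Control Manager event stand out for review. This is an added example, not part of the original thread: the function name `Split-FailureAudit`, the SCM event ID 7036 and all sample entries except the first timestamp are assumptions made for illustration.

```powershell
# Added example, not from the thread. Input objects only need the
# TimeGenerated and EventID properties that Get-EventLog entries carry.
function Split-FailureAudit {
    param(
        [object[]]$Audit,             # Security log entries, event ID 531
        [object[]]$ScmEvent,          # System log entries, source Service Control Manager
        [int]$ToleranceSeconds = 0    # 0 = same second, as described in the question
    )
    # Index SCM events by second so each audit is a single hashtable lookup.
    $bySecond = @{}
    foreach ($e in $ScmEvent) {
        $key = $e.TimeGenerated.ToString('yyyyMMddHHmmss')
        if (-not $bySecond.ContainsKey($key)) { $bySecond[$key] = @() }
        $bySecond[$key] += $e.EventID
    }
    foreach ($a in $Audit) {
        $ids = @()
        foreach ($off in (-$ToleranceSeconds)..$ToleranceSeconds) {
            $key = $a.TimeGenerated.AddSeconds($off).ToString('yyyyMMddHHmmss')
            if ($bySecond.ContainsKey($key)) { $ids += $bySecond[$key] }
        }
        New-Object PSObject -Property @{
            TimeGenerated = $a.TimeGenerated
            MatchesScm    = ($ids.Count -gt 0)
            ScmEventIds   = ($ids -join ',')
        }
    }
}

# Constructed sample data: the first timestamp is the one in the question,
# the SCM entry and the second audit are made up for illustration.
$t = [datetime]'2008-09-18 14:57:12'
$audits = @(
    New-Object PSObject -Property @{ EventID = 531; TimeGenerated = $t }
    New-Object PSObject -Property @{ EventID = 531; TimeGenerated = $t.AddMinutes(41) }
)
$scm = @(
    New-Object PSObject -Property @{ EventID = 7036; TimeGenerated = $t }
)

# On the server itself, the inputs would come from the live logs instead:
#   $audits = Get-EventLog -LogName Security -InstanceId 531 -EntryType FailureAudit
#   $scm    = Get-EventLog -LogName System -Source 'Service Control Manager'

# List only the audits that do NOT coincide with a service start or stop.
Split-FailureAudit -Audit $audits -ScmEvent $scm | Where-Object { -not $_.MatchesScm }
```

With the constructed sample, only the second audit is listed, because nothing in the SCM set shares its timestamp.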
ASKER CERTIFIED SOLUTION
ashishsa
hyphenet

ASKER

Thanks Ashishsa that worked,

I had some problems running an interactive command prompt.  Using "at [time] /interactive cmd.exe" a cmd prompt will appear in the taskmgr but does not pop up for me to use.  I tried using pstools "psexec -i -s cmd.exe" and that did not work either.  Eventually I just ran "mofcomp scm.mof" in a normal command prompt as a domain admin and not the System account.  It ran successfully and the errors have gone away.
Thanks!
visualutions

Please note that /interactive cmd.exe won't work unless you are on the console session.