Solved

Windows Login Failure Audits

Posted on 2004-08-06
10
2,454 Views
Last Modified: 2013-12-04
I have logon failure attempts to every account on my machine. Every account has 2. They are posted below. If anyone can help me know what is going on and how I can fix it, it will be much appreciated. Thx.

Logs:

Event ID: 529
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      ASPNET
       Domain:            
       Logon Type:      2
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      COMPUTER

Event ID: 680
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:  ASPNET
 Source Workstation: COMPUTER
 Error Code: 0xC000006A


0
Comment
Question by:planza
10 Comments
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 500 total points
ID: 11741303
This will help explain it to you...

You receive a "logon failure: unknown user name or bad" error message while accessing remote security-enhanced resources from an ASP.NET application

http://support.microsoft.com/default.aspx?scid=kb;EN-US;842789

FE
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11741306
BTW:  it will show you how to stop it from ocurring also..  :)
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 11741382
Try scanning your PC with an AV scanner, like Stinger
http://vil.nai.com/vil/stinger/
-rich
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11742395
Doubt seriously that it is a virii, but it does not hurt to ck.  This error is a common error, and can be fixed with the link provided above..

FE
0
 
LVL 1

Author Comment

by:planza
ID: 11744762
cool, thanks for the info. I will give you the points for that, but do you know how I can see exactly is trying to access something?

thx
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 11744844
You can use one of the workarounds in the article above to prevent these errors from ocurring...    A little complicated, but it is well documented..  Good luck..!!

And thank you..

FE
0
 
LVL 1

Author Comment

by:planza
ID: 11779309
yes, I read those and understand that. BUT I want to find out which program is CAUSING ther error, not just how to prevent the error from occuring.

I want to find the cause of the error.

Thanks
0
 

Expert Comment

by:kempt
ID: 11851995
Have you resolved this yet?  I'm seeing the same, and would love to read your results.
0
 
LVL 1

Author Comment

by:planza
ID: 12263568
no, still not resolved. I went through and disabled ALL accounts except fro the one that I use. I have to go and re-enable accts fro development etc, but this seems to have stopped the logevents...

I'll bet that there is some sort of software than can monitor this, maybe by symantec of sth...

let me know if oyu find anything
0
 

Expert Comment

by:mcnellie
ID: 12532745
I constantly over the last year or so get MS NT 4.0 Event Id 'chains' of 529, with a spoofed User name and Domain and the time of events sometimes seconds apart. It appears as a 'propagated type of NETBIOS/SMB automated program " and I've tried "anon logon restrictions" but they still reappear in large groups?

Any tips, guidance or advice would be greatly appreciated!
J. McNellie
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question