Windows 2003 Security event log - Failed audits

Posted on 2005-03-30
Medium Priority
Last Modified: 2013-12-04

I have a windows 2003 servers keeps getting failed logon attempts from people outside the network.  The event id is 529 failed logon.  

I think our network is secure, the only thing I let in on the firewall is HTTPS and SMTP.  I even checked our settings with shieldsup.

My question is how are people seeing my server in order to try and hack in?  The server in question has exchange and iis for owa.  The owa is through https and I have a certificate authority.

Any help would be appreciated.


Question by:bjennings
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
LVL 38

Accepted Solution

Rich Rumble earned 750 total points
ID: 13662739
Since your prompted for a user/pass when authenticating, it stands to reason that this could be why your seeing these. If port's 135-139, and 445 are closed then they should not be able to attempt a "normal" nt/smb login. Do you happen to have TerminalService open? port 3389 by default? This could also be how the events are appearing.
See if you can get your firewall log's and try to match the times to the event log's to deterimine the ip address of the "attacker"

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…
Suggested Courses
Course of the Month9 days, 21 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question