Solved

I cant see any failed logins on my server, I can see them on the workstation event log but cant see it on the server event log

Posted on 2006-10-25
9
369 Views
Last Modified: 2010-04-19
I need to know how to have any one who fails or suceeds to log in to the network to have the event logged in the event viewer on my server. right now it will only log an event if you try to log in to the server if you are on a workstaion it will not log the event
0
Comment
Question by:brikeyes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
9 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17808497
You're not seeing those show up in your daily server status report?

Jeff
TechSoEasy
0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812621
So on your SBS server under the Security Log - you are not seeing any Event ID: 540  Category Logon/Logoff ?


Like this:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            10/26/2006
Time:            8:11:28 AM
User:            MYDOMAINNAME\JohnDoe
Computer:      FS01
Description:
Successful Network Logon:
       User Name:      JohnDoe
       Domain:            MYDOMAINNAME
       Logon ID:            (0x0,0x93D4C832)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      
       Logon GUID:      {33d58025-2e98-542b-6cf6-eac50163de15}
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      *.*.*.64
       Source Port:      1818



- pdxsrw

0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812646
And here is an example of a Logon failure:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            10/24/2006
Time:            3:01:55 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FS01
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Jason
       Domain:            VALUED-A7968D8A
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      VALUED-A7968D8A
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      172.16.8.61
       Source Port:      0


- pdxsrw
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:brikeyes
ID: 17829013
yeah I dont get a event log entry for a failed login to a workstion . I have a small environment and want to see login for all my users on one evnet log
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17831569
Users shouldn't be logging in LOCALLY to a workstation.  But if they tried, it would generate a failed login event only on that workstation... since it's not a domain event.

You should however, get a login event on your server when the user logs in to the DOMAIN.

If you aren't, I would wonder if you joined your workstations to the domain properly by using the Add-Computer Wizard on your Server, and then using http://<servername>/connectcomputer at the workstation.  If you did not use this method, then you must follow these steps to correct:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
0
 
LVL 3

Author Comment

by:brikeyes
ID: 17834425
Jeff i think you have something here i will check it out and let you know , is this just a SBS thing?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17839012
Yes, this is just an SBS thing.  

Jeff
TechSoEasy
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
In the event you manage a Small Business Server 2003, and you are audited for PCI compliance, there are several changes you must make in order to pass the audit. I can take no credit for discovering any of these fixes or workarounds, but there is no…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question