
I can't see any failed logins on my server, I can see them on the workstation event log but can't see it on the server event log

brikeyes asked
Last Modified: 2010-04-19
I need to know how to have anyone who fails or succeeds to log in to the network have the event logged in the Event Viewer on my server. Right now it will only log an event if you try to log in to the server; if you are on a workstation it will not log the event.

Jeffrey Kane - TechSoEasy, Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
You're not seeing those show up in your daily server status report?

Jeff
TechSoEasy

Commented:
So on your SBS server under the Security Log - you are not seeing any Event ID: 540, Category Logon/Logoff?


Like this:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            10/26/2006
Time:            8:11:28 AM
User:            MYDOMAINNAME\JohnDoe
Computer:      FS01
Description:
Successful Network Logon:
       User Name:      JohnDoe
       Domain:            MYDOMAINNAME
       Logon ID:            (0x0,0x93D4C832)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      
       Logon GUID:      {33d58025-2e98-542b-6cf6-eac50163de15}
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      *.*.*.64
       Source Port:      1818



- pdxsrw

Commented:
And here is an example of a Logon failure:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            10/24/2006
Time:            3:01:55 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FS01
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Jason
       Domain:            VALUED-A7968D8A
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      VALUED-A7968D8A
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      172.16.8.61
       Source Port:      0


- pdxsrw
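
Added example, not part of the original thread: a small Python parser for Security log records in the text layout quoted above, counting Failure Audit logon events per user and source address so the failures recorded on the server can be reviewed in one place. It assumes the records were copied or exported as text with a blank line between them; the sample records are constructed.

```python
import re
from collections import Counter

# Constructed records in the text layout quoted above; names and 192.0.2.x addresses are made up.
SAMPLE = """\
Event Type:      Failure Audit
Event Category:      Logon/Logoff
Event ID:      529
Time:            3:01:55 PM
Logon Failure:
       User Name:      Jason
       Source Network Address:      192.0.2.61

Event Type:      Failure Audit
Event Category:      Logon/Logoff
Event ID:      529
Logon Failure:
       User Name:      Jason
       Source Network Address:      192.0.2.61

Event Type:      Success Audit
Event Category:      Logon/Logoff
Event ID:      540
Successful Network Logon:
       User Name:      JohnDoe
       Source Network Address:      192.0.2.64
"""

# "Field name: value"; the value may itself contain colons (e.g. a time).
FIELD = re.compile(r"^\s*([^:]+?):[ \t]*(.*?)\s*$")

def parse_events(text):
    """Split blank-line separated records into {field: value} dicts."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m:
                fields[m.group(1)] = m.group(2)
        events.append(fields)
    return events

def failed_logons(events):
    """Count Failure Audit logon events per (user name, source address)."""
    return Counter(
        (e.get("User Name", "?"), e.get("Source Network Address", "?"))
        for e in events
        if e.get("Event Type") == "Failure Audit"
        and e.get("Event Category") == "Logon/Logoff")
```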

Author

Commented:
Yeah, I don't get an event log entry for a failed login to a workstation. I have a small environment and want to see logins for all my users on one event log.
Commented:
Users shouldn't be logging in LOCALLY to a workstation.  But if they tried, it would generate a failed login event only on that workstation... since it's not a domain event.

You should however, get a login event on your server when the user logs in to the DOMAIN.

If you aren't, I would wonder if you joined your workstations to the domain properly by using the Add-Computer Wizard on your Server, and then using http://<servername>/connectcomputer at the workstation.  If you did not use this method, then you must follow these steps to correct:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computer if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with its NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy


Author

Commented:
Jeff, I think you have something here. I will check it out and let you know. Is this just an SBS thing?
Jeffrey Kane - TechSoEasy, Principal Consultant

Commented:
Yes, this is just an SBS thing.  

Jeff
TechSoEasy