Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

I cant see any failed logins on my server, I can see them on the workstation event log but cant see it on the server event log

Posted on 2006-10-25
9
Medium Priority
?
371 Views
Last Modified: 2010-04-19
I need to know how to have any one who fails or suceeds to log in to the network to have the event logged in the event viewer on my server. right now it will only log an event if you try to log in to the server if you are on a workstaion it will not log the event
0
Comment
Question by:brikeyes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
9 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17808497
You're not seeing those show up in your daily server status report?

Jeff
TechSoEasy
0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812621
So on your SBS server under the Security Log - you are not seeing any Event ID: 540  Category Logon/Logoff ?


Like this:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            10/26/2006
Time:            8:11:28 AM
User:            MYDOMAINNAME\JohnDoe
Computer:      FS01
Description:
Successful Network Logon:
       User Name:      JohnDoe
       Domain:            MYDOMAINNAME
       Logon ID:            (0x0,0x93D4C832)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      
       Logon GUID:      {33d58025-2e98-542b-6cf6-eac50163de15}
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      *.*.*.64
       Source Port:      1818



- pdxsrw

0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812646
And here is an example of a Logon failure:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            10/24/2006
Time:            3:01:55 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FS01
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Jason
       Domain:            VALUED-A7968D8A
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      VALUED-A7968D8A
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      172.16.8.61
       Source Port:      0


- pdxsrw
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Author Comment

by:brikeyes
ID: 17829013
yeah I dont get a event log entry for a failed login to a workstion . I have a small environment and want to see login for all my users on one evnet log
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 2000 total points
ID: 17831569
Users shouldn't be logging in LOCALLY to a workstation.  But if they tried, it would generate a failed login event only on that workstation... since it's not a domain event.

You should however, get a login event on your server when the user logs in to the DOMAIN.

If you aren't, I would wonder if you joined your workstations to the domain properly by using the Add-Computer Wizard on your Server, and then using http://<servername>/connectcomputer at the workstation.  If you did not use this method, then you must follow these steps to correct:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
0
 
LVL 3

Author Comment

by:brikeyes
ID: 17834425
Jeff i think you have something here i will check it out and let you know , is this just a SBS thing?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17839012
Yes, this is just an SBS thing.  

Jeff
TechSoEasy
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer: http://www.microsoft.com/downloads/details.aspx?FamilyID=DBAB201F-…
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
Video by: ITPro.TV
In this episode Don builds upon the troubleshooting techniques by demonstrating how to properly monitor a vSphere deployment to detect problems before they occur. He begins the show using tools found within the vSphere suite as ends the show demonst…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question