Solved

I cant see any failed logins on my server, I can see them on the workstation event log but cant see it on the server event log

Posted on 2006-10-25
9
362 Views
Last Modified: 2010-04-19
I need to know how to have any one who fails or suceeds to log in to the network to have the event logged in the event viewer on my server. right now it will only log an event if you try to log in to the server if you are on a workstaion it will not log the event
0
Comment
Question by:brikeyes
  • 3
  • 2
  • 2
9 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
You're not seeing those show up in your daily server status report?

Jeff
TechSoEasy
0
 
LVL 5

Expert Comment

by:pdxsrw
Comment Utility
So on your SBS server under the Security Log - you are not seeing any Event ID: 540  Category Logon/Logoff ?


Like this:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            10/26/2006
Time:            8:11:28 AM
User:            MYDOMAINNAME\JohnDoe
Computer:      FS01
Description:
Successful Network Logon:
       User Name:      JohnDoe
       Domain:            MYDOMAINNAME
       Logon ID:            (0x0,0x93D4C832)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      
       Logon GUID:      {33d58025-2e98-542b-6cf6-eac50163de15}
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      *.*.*.64
       Source Port:      1818



- pdxsrw

0
 
LVL 5

Expert Comment

by:pdxsrw
Comment Utility
And here is an example of a Logon failure:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            10/24/2006
Time:            3:01:55 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FS01
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Jason
       Domain:            VALUED-A7968D8A
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      VALUED-A7968D8A
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      172.16.8.61
       Source Port:      0


- pdxsrw
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 3

Author Comment

by:brikeyes
Comment Utility
yeah I dont get a event log entry for a failed login to a workstion . I have a small environment and want to see login for all my users on one evnet log
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
Comment Utility
Users shouldn't be logging in LOCALLY to a workstation.  But if they tried, it would generate a failed login event only on that workstation... since it's not a domain event.

You should however, get a login event on your server when the user logs in to the DOMAIN.

If you aren't, I would wonder if you joined your workstations to the domain properly by using the Add-Computer Wizard on your Server, and then using http://<servername>/connectcomputer at the workstation.  If you did not use this method, then you must follow these steps to correct:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
0
 
LVL 3

Author Comment

by:brikeyes
Comment Utility
Jeff i think you have something here i will check it out and let you know , is this just a SBS thing?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
Comment Utility
Yes, this is just an SBS thing.  

Jeff
TechSoEasy
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now