Solved

I cant see any failed logins on my server, I can see them on the workstation event log but cant see it on the server event log

Posted on 2006-10-25
9
365 Views
Last Modified: 2010-04-19
I need to know how to have any one who fails or suceeds to log in to the network to have the event logged in the event viewer on my server. right now it will only log an event if you try to log in to the server if you are on a workstaion it will not log the event
0
Comment
Question by:brikeyes
  • 3
  • 2
  • 2
9 Comments
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17808497
You're not seeing those show up in your daily server status report?

Jeff
TechSoEasy
0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812621
So on your SBS server under the Security Log - you are not seeing any Event ID: 540  Category Logon/Logoff ?


Like this:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      540
Date:            10/26/2006
Time:            8:11:28 AM
User:            MYDOMAINNAME\JohnDoe
Computer:      FS01
Description:
Successful Network Logon:
       User Name:      JohnDoe
       Domain:            MYDOMAINNAME
       Logon ID:            (0x0,0x93D4C832)
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      
       Logon GUID:      {33d58025-2e98-542b-6cf6-eac50163de15}
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID: -
       Transited Services: -
       Source Network Address:      *.*.*.64
       Source Port:      1818



- pdxsrw

0
 
LVL 5

Expert Comment

by:pdxsrw
ID: 17812646
And here is an example of a Logon failure:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            10/24/2006
Time:            3:01:55 PM
User:            NT AUTHORITY\SYSTEM
Computer:      FS01
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      Jason
       Domain:            VALUED-A7968D8A
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      VALUED-A7968D8A
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      172.16.8.61
       Source Port:      0


- pdxsrw
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 3

Author Comment

by:brikeyes
ID: 17829013
yeah I dont get a event log entry for a failed login to a workstion . I have a small environment and want to see login for all my users on one evnet log
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 17831569
Users shouldn't be logging in LOCALLY to a workstation.  But if they tried, it would generate a failed login event only on that workstation... since it's not a domain event.

You should however, get a login event on your server when the user logs in to the DOMAIN.

If you aren't, I would wonder if you joined your workstations to the domain properly by using the Add-Computer Wizard on your Server, and then using http://<servername>/connectcomputer at the workstation.  If you did not use this method, then you must follow these steps to correct:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://servername/connectcomputer

Jeff
TechSoEasy
0
 
LVL 3

Author Comment

by:brikeyes
ID: 17834425
Jeff i think you have something here i will check it out and let you know , is this just a SBS thing?
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 17839012
Yes, this is just an SBS thing.  

Jeff
TechSoEasy
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question