troubleshooting Question

Exchange 2003 Intruder trying to logon

Avatar of Djrobluv
Djrobluv asked on
10 Comments1 Solution219 ViewsLast Modified:
I just noticed a situation on our Exchange Server in the Security Event Viewer. Looks as though someone is trying to log on to our Exchange Server. The only port open to this server is port 25 from the outside. So far the intruder has been unable to logon. How should I go about trying to find out how they are trying to login any help in pointing me in the right direction will help. Here is what was found in the Event Log:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      SERVER$
       Domain:            IPCRI
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SERVER
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 10 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros