troubleshooting Question

Failure Audits after changing ISUR account (event id 680 and 529)

Avatar of windylad
windyladFlag for Ireland asked on
Microsoft IIS Web ServerWindows Server 2003
5 Comments1 Solution1662 ViewsLast Modified:
Hi,

I created a new IUSR account as per the following article to help prevent any potential security breach.
http://www.microsoft.com/technet/community/columns/insider/iisi1102.mspx
I set a good password and made the account just like the existing account.
Then i went into IIS manager, right-clicked on 'web sites', selected 'Directory Security' and in there i selected my new account as the new account for anonymous access.

Now i have a huge spam of failure audits on this server in my event logs (event id 680 and 529)
What could be causing these? - they are mainly coming from one other server in particular.

Event Type:    Failure Audit
Source:    Security
Event Category:    Logon/Logoff
Event ID:    529

Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      
       Domain:            SERVER1
       Logon Type:      3
       Logon Process:      NtLmSsp
       Authentication Package:      NTLM
       Workstation Name:      SERVER2
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      192.168.1.214
       Source Port:      3876

Category: Account Logon
Event ID 680
NT AUTHORITY\SYSTEM
COMPUTER: SERVER1

Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      
 Source Workstation:      SERVER2
 Error Code:      0xC0000064


Any help is appreciated.
Thanks in advance
ASKER CERTIFIED SOLUTION
Computer101

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros