• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1070
  • Last Modified:

server unable to logon the Windows NT account

This is an 2003 SBS enviroment.  

In the event logs Ive been receiving the following error approx once a minute

The server was unable to logon the Windows NT account 'USER' due to the following error: Logon failure: unknown user name or bad password.  The data is the error code.

Now, I do have a basic understanding of what this error messages entails, BUT the "USER" keeps changing, and none of the names are actual usernames for employees at the company.  (This error has en logged 1000s of times with usernames like, Bill, Jane, George, Linda etc etc.  )

So it appears that someone is trying to access my server via IIS?  What safeguards can we impliment outide of our current firewall system.

Thanks
0
gws226
Asked:
gws226
  • 4
1 Solution
 
netnounoursCommented:
I would suggest to build a specific rule in your firewall to drop any packets coming from the ip address of the "attacker". you just need to find it. Check your logs, etc.

I hope that helps
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
What is the Specific EVENT ID #?
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Also, do you have port 80 open to your server?
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Actually, it looks as though you do... (As a Zone Advisor here, I have the advantage of being able to see your IP address... so I took the liberty to check).

It seems as though you have not properly run the Configure Email and Internet Connection Wizard (CEICW -- linked as "Connect to the Internet on the To-Do list in the Server Management Console) to enable SSL on your Internet & Information Services web sites.  This is a very important part of keeping your SBS network secure.  On the CEICW's component selection screen, you should NOT have "Business Website (wwwroot)" enabled  (which is port 80).

A visual how-to for that is here:  http://sbsurl.com/ceicw

Jeff
TechSoEasy
0
 
gws226Author Commented:
Thanks for the quick replies.  This is a new client, that we just took over the account for.  What a mess!
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Whenever I take on a new client where someone else installed the SBS I do an immediate reinstallation because that takes only about 6 hours compared to an unknown number of hours troubleshooting ridiculous issues forever.

Jeff
TechSoEasy
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now