Solved

Critical Error in Security Log

Posted on 2007-11-16
3
468 Views
Last Modified: 2013-12-04
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.

Reason:      Unknown user name or bad password
User Name:      User
Domain:      Domain
Logon Type:      3
Logon Process:      NtLmSsp
Authentication Package:      NTLM
Workstation Name:      Company-WKSTN12
Caller User Name:      -
Caller Domain:      -
Caller Logon ID:      -
Caller Process ID:      -
Transited Services:      -
Source Network Address:      192.168.201.115
Source Port:      0


Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
0
Comment
Question by:nxpsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Accepted Solution

by:
MarkMichael earned 500 total points
ID: 20297775
Have a look at the target machine and check its event log. You can do this from the domain controller if you like, opening computer management and right clicking the computer and connecting to the computer name. It seems the user is authenticating with bad information to perhaps a folder share, or printer.
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20297973
Hi
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx

Dan
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20298213
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Securing a laptop that travels frequently 21 131
SBS 2011 Backup Drive 8 109
Changing a SBS 2011 Server to TLS 6 49
Ransomware case 23 107
Transferring data across the virtual world became simpler but protecting it is becoming a real security challenge.  How to approach cyber security  in today's business world!
OfficeMate Freezes on login or does not load after login credentials are input.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question