Solved

Critical Error in Security Log

Posted on 2007-11-16
3
464 Views
Last Modified: 2013-12-04
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.

Reason:      Unknown user name or bad password
User Name:      User
Domain:      Domain
Logon Type:      3
Logon Process:      NtLmSsp
Authentication Package:      NTLM
Workstation Name:      Company-WKSTN12
Caller User Name:      -
Caller Domain:      -
Caller Logon ID:      -
Caller Process ID:      -
Transited Services:      -
Source Network Address:      192.168.201.115
Source Port:      0


Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
0
Comment
Question by:nxpsupport
3 Comments
 
LVL 15

Accepted Solution

by:
MarkMichael earned 500 total points
ID: 20297775
Have a look at the target machine and check its event log. You can do this from the domain controller if you like, opening computer management and right clicking the computer and connecting to the computer name. It seems the user is authenticating with bad information to perhaps a folder share, or printer.
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 20297973
Hi
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx

Dan
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20298213
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
In a recent question (https://www.experts-exchange.com/questions/28997919/Pagination-in-Adobe-Acrobat.html) here at Experts Exchange, a member asked how to add page numbers to a PDF file using Adobe Acrobat XI Pro. This short video Micro Tutorial sh…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question