Solved

Critical Error in Security Log

Posted on 2007-11-16
3
463 Views
Last Modified: 2013-12-04
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.

Reason:      Unknown user name or bad password
User Name:      User
Domain:      Domain
Logon Type:      3
Logon Process:      NtLmSsp
Authentication Package:      NTLM
Workstation Name:      Company-WKSTN12
Caller User Name:      -
Caller Domain:      -
Caller Logon ID:      -
Caller Process ID:      -
Transited Services:      -
Source Network Address:      192.168.201.115
Source Port:      0


Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
0
Comment
Question by:nxpsupport
3 Comments
 
LVL 15

Accepted Solution

by:
MarkMichael earned 500 total points
ID: 20297775
Have a look at the target machine and check its event log. You can do this from the domain controller if you like, opening computer management and right clicking the computer and connecting to the computer name. It seems the user is authenticating with bad information to perhaps a folder share, or printer.
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 20297973
Hi
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx

Dan
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20298213
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now