nxpsupport
asked on
Critical Error in Security Log
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.
Reason: Unknown user name or bad password
User Name: User
Domain: Domain
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Company-WKSTN12
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.201.115
Source Port: 0
Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
Reason: Unknown user name or bad password
User Name: User
Domain: Domain
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Company-WKSTN12
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.201.115
Source Port: 0
Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx
Dan