Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Critical Error in Security Log

Posted on 2007-11-16
3
Medium Priority
?
471 Views
Last Modified: 2013-12-04
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.

Reason:      Unknown user name or bad password
User Name:      User
Domain:      Domain
Logon Type:      3
Logon Process:      NtLmSsp
Authentication Package:      NTLM
Workstation Name:      Company-WKSTN12
Caller User Name:      -
Caller Domain:      -
Caller Logon ID:      -
Caller Process ID:      -
Transited Services:      -
Source Network Address:      192.168.201.115
Source Port:      0


Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
0
Comment
Question by:nxpsupport
3 Comments
 
LVL 15

Accepted Solution

by:
MarkMichael earned 1500 total points
ID: 20297775
Have a look at the target machine and check its event log. You can do this from the domain controller if you like, opening computer management and right clicking the computer and connecting to the computer name. It seems the user is authenticating with bad information to perhaps a folder share, or printer.
0
 
LVL 22

Expert Comment

by:dan_blagut
ID: 20297973
Hi
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx

Dan
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20298213
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question