Solved

Critical Error in Security Log

Posted on 2007-11-16
3
466 Views
Last Modified: 2013-12-04
A customer of ours got the error below in their security log 1818 times yesterday. The day before it was over 7900 times with another user.

Reason:      Unknown user name or bad password
User Name:      User
Domain:      Domain
Logon Type:      3
Logon Process:      NtLmSsp
Authentication Package:      NTLM
Workstation Name:      Company-WKSTN12
Caller User Name:      -
Caller Domain:      -
Caller Logon ID:      -
Caller Process ID:      -
Transited Services:      -
Source Network Address:      192.168.201.115
Source Port:      0


Obviously I changed anything specific to the customers network. Does anybody have any suggestions on what this could be?
0
Comment
Question by:nxpsupport
3 Comments
 
LVL 15

Accepted Solution

by:
MarkMichael earned 500 total points
ID: 20297775
Have a look at the target machine and check its event log. You can do this from the domain controller if you like, opening computer management and right clicking the computer and connecting to the computer name. It seems the user is authenticating with bad information to perhaps a folder share, or printer.
0
 
LVL 21

Expert Comment

by:dan_blagut
ID: 20297973
Hi
Microsoft sayd that is something wrong at replication....
http://www.microsoft.com/technet/opsmgr/2005/library/dirmgmtpack/dirmgmtpackmom_3.mspx

Dan
0
 
LVL 70

Expert Comment

by:KCTS
ID: 20298213
The most likely cause is that a service or scheduled task has been set to run with a user accounts credentials and the password of that account has subsequently been changed - MS best practice is to set up special accounts for secheduled tasks and services that require them and set them to "password does not expire" - avoid using user (or administrator) accounts
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question