asked on
What does this Event Refer too, and how do I stop it?
I have a Windowns 2003 server running 2 network monitoring tools. IpSwitch Watsup gold and HP System Insight Manager 5.1.
On that box, I am getting the following events over and over and over in the security events log. From what I've been able to dig up on the internet about this Event, it's simply a successful logon/logoff. so I don't understand why it's in my event log over and over and over.
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {3f6c6fcc-00db-06f5-ddc5-9
User whose credentials were used:
Target User Name: administrator
Target Domain: TP.TPBP.COM
Target Logon GUID: -
Target Server Name: brnav.tp.tpbp.com
Target Server Info: RPCSS/brnav.tp.tpbp.com
Caller Process ID: 472
Source Network Address: -
Source Port: -
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {6490d67b-9992-290e-ede5-1
User whose credentials were used:
Target User Name: administrator
Target Domain: tp
Target Logon GUID: -
Target Server Name: brmail.tp.tpbp.com
Target Server Info: brmail.tp.tpbp.com
Caller Process ID: 2796
Source Network Address: -
Source Port: -
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {6490d67b-9992-290e-ede5-1
User whose credentials were used:
Target User Name: administrator
Target Domain: tp
Target Logon GUID: -
Target Server Name: brfax.tp.tpbp.com
Target Server Info: brfax.tp.tpbp.com
Caller Process ID: 2796
Source Network Address: -
Source Port: -
--------------------------
Can someone please shed some light on this for me?
I appreciate thje help in advance.
Brandon Pembo
On that box, I am getting the following events over and over and over in the security events log. From what I've been able to dig up on the internet about this Event, it's simply a successful logon/logoff. so I don't understand why it's in my event log over and over and over.
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {3f6c6fcc-00db-06f5-ddc5-9
User whose credentials were used:
Target User Name: administrator
Target Domain: TP.TPBP.COM
Target Logon GUID: -
Target Server Name: brnav.tp.tpbp.com
Target Server Info: RPCSS/brnav.tp.tpbp.com
Caller Process ID: 472
Source Network Address: -
Source Port: -
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {6490d67b-9992-290e-ede5-1
User whose credentials were used:
Target User Name: administrator
Target Domain: tp
Target Logon GUID: -
Target Server Name: brmail.tp.tpbp.com
Target Server Info: brmail.tp.tpbp.com
Caller Process ID: 2796
Source Network Address: -
Source Port: -
--------------------------
Logon attempt using explicit credentials:
Logged on user:
User Name: BRMONITOR$
Domain: TP
Logon ID: (0x0,0x3E7)
Logon GUID: {6490d67b-9992-290e-ede5-1
User whose credentials were used:
Target User Name: administrator
Target Domain: tp
Target Logon GUID: -
Target Server Name: brfax.tp.tpbp.com
Target Server Info: brfax.tp.tpbp.com
Caller Process ID: 2796
Source Network Address: -
Source Port: -
--------------------------
Can someone please shed some light on this for me?
I appreciate thje help in advance.
Brandon Pembo
Microsoft Server OSWindows Server 2003
Last Comment
TPBPIT
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
It just looks like a service account running on a local computer. You could always look for the BRMONITOR account in AD and investigate.
ASKER
I was able to kill one of the monitoring software pieces and the Events stopped lgging. So I'm going to take this up with IpSwitch's technical department. Thanks for pointing me in the right direction here.
and I think this could be stopped by editing the global poliy on the domain to stop logging successful audits. But my boss doesn't want to edit that policy. We need it for our citrix solution.
thank you very much for your time and thoughts.
Brandon
and I think this could be stopped by editing the global poliy on the domain to stop logging successful audits. But my boss doesn't want to edit that policy. We need it for our citrix solution.
thank you very much for your time and thoughts.
Brandon