mpcm
asked on
Event ID 529 Logon type 8
I keep getting these Failure Audit message in Event Viewer on my Small Business Server. The 1st time I noticed it there were 70,000 logs with the same message with different user names. There are no users in the domain with these names and it makes me very suspicious of hacking.
I cleared the events on the 8th and since then have received 27,000. Anyone know whats going on?
Logon Failure:
Reason:Unknown user name or bad password
User Name: Echotouch
Domain:(Domain Name)
Logon Type: 8
Logon Process: IIS
Authentication Package:MICROSOFT_AUTHENTI CATION_PAC KAGE_V1_0
Workstation Name: (My Server Name)
Caller User Name: (My Server Name)$
Caller Domain: (Domain Name)
Caller Logon ID:(0x0,0x3E7)
Caller Process ID: 2416
Transited Services: -
Source Network Address: -
Source Port: -
I cleared the events on the 8th and since then have received 27,000. Anyone know whats going on?
Logon Failure:
Reason:Unknown user name or bad password
User Name: Echotouch
Domain:(Domain Name)
Logon Type: 8
Logon Process: IIS
Authentication Package:MICROSOFT_AUTHENTI
Workstation Name: (My Server Name)
Caller User Name: (My Server Name)$
Caller Domain: (Domain Name)
Caller Logon ID:(0x0,0x3E7)
Caller Process ID: 2416
Transited Services: -
Source Network Address: -
Source Port: -
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.