Event ID 529 Logon type 8

Posted on 2009-02-13
Last Modified: 2012-06-22
I keep getting these Failure Audit message in Event Viewer on my Small Business Server. The 1st time I noticed it there were 70,000 logs with the same message with different user names. There are no users in the domain with these names and it makes me very suspicious of hacking.
I cleared the events on the 8th and since then have received 27,000. Anyone know whats going on?

Logon Failure:
       Reason:Unknown user name or bad password
       User Name:      Echotouch
       Domain:(Domain Name)
       Logon Type:      8
       Logon Process: IIS    
       Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name: (My Server Name)
       Caller User Name: (My Server Name)$
       Caller Domain: (Domain Name)
       Caller Logon ID:(0x0,0x3E7)
       Caller Process ID:      2416
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -
Question by:mpcm
    1 Comment
    LVL 15

    Accepted Solution

    Just like you say it seem that someone is trying to gain access to your network.
    They will always try but  you must do your homework.
    Lokk if a hacker want to gain access to your network he probably will. But if it has to come to that:

    Here are a few steps to  help you. most of them are gathered  from EE and other sites.
    Terminal Service Security

    TO find out what ports are open/exposed do the following

    Start >Run >type "cmd" {enter}
    At the command line type "netstat -a" {enter}

    The list displayed shows "Listening ports" and established "Who is on the other end" connections to yout computer.

    This is a list of common Trojan/Backdoor Port numbers

    Who is listening? Use this syntax: netstat -an |find /i "listening"
    Established Connections:  Use this syntax: netstat -an |find /i "established"

    ***** helpful Links*****
    Secure your exchange server

    Port Assignments for Commonly-Used Services

    TCP/UDP Ports Used By Exchange 2000 Server;en-us;278339

    Shiny Port List :0)

    *****Portscan Software*****

    Scan Yourself (Free)

    Scan your Ports with Port Detective: lets you scan your PC ports to see which are open, in use, or blocked. This will help you find out how vulnerable your system is to hackers, and will also let you know which ports you can use for applications such as Web servers


    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Suggested Solutions

    This guide is intended for migrating Windows 2003 Standard with Exchange 2003 to Windows Small Business Server 2008. You will need the following: Exchange Best Practice Analyzer:…
    The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now