LrdKanien
asked on
Windows Server 2008, DC, Security Logs Audit Failure
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/8/2009 2:02:06 PM
Event ID: 5159
Task Category: Filtering Platform Connection
Level: Information
Keywords: Audit Failure
User: N/A
Computer: AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
Application Information:
Process ID: 580
Application Name: \device\harddiskvolume1\windows\system32\lsass.exe
Network Information:
Source Address: 0.0.0.0
Source Port: 50122
Protocol: 17
Filter Information:
Filter Run-Time ID: 0
Layer Name: Resource Assignment
Layer Run-Time ID: 36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
<EventID>5159</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12810</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
<EventRecordID>22879734</EventRecordID>
<Correlation />
<Execution ProcessID="4" ThreadID="84" />
<Channel>Security</Channel>
<Computer>AD3.abacus-corp.com</Computer>
<Security />
</System>
<EventData>
<Data Name="ProcessId">580</Data>
<Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
<Data Name="SourceAddress">0.0.0.0</Data>
<Data Name="SourcePort">50122</Data>
<Data Name="Protocol">17</Data>
<Data Name="FilterRTID">0</Data>
<Data Name="LayerName">%%14608</Data>
<Data Name="LayerRTID">36</Data>
</EventData>
</Event>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.