Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
1
2,406 Views
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
 
Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe
 
Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17
 
Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Open in new window

0
Comment
Question by:LrdKanien
1 Comment
 
LVL 20

Accepted Solution

by:
mkbean earned 250 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was asked if I could set up a fax machine so that incoming faxes were delivered to people's Exchange inboxes and so that they could send faxes from their desktops without needing to print the document first.  I knew it was possible but I had no id…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question