Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
 
Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe
 
Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17
 
Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Question by:LrdKanien

Accepted Solution

by:
mkbean earned 250 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
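
Added example, not part of the original thread and not written by either poster: a Python sketch that decodes the raw Event 5159 XML posted in the question into readable fields and counts blocked binds per process, which helps when triaging how much of this audit-failure noise comes from a single image such as lsass.exe. The function names are assumptions made for this example, and `LAYER_NAMES` holds only the one message-ID pair visible in this thread.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}      # IANA protocol numbers
AUDIT_FAILURE = 0x0010000000000000                # Security-channel keyword bits
AUDIT_SUCCESS = 0x0020000000000000
LAYER_NAMES = {"%%14608": "Resource Assignment"}  # only the pair shown in this thread

# Trimmed copy of the event XML posted in the question.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5159</EventID>
    <Keywords>0x8010000000000000</Keywords>
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
  </EventData>
</Event>"""

def summarize(event_xml):
    """Decode one WFP connection event into readable fields."""
    root = ET.fromstring(event_xml)
    data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
    keywords = int(root.findtext("e:System/e:Keywords", "0x0", NS), 16)
    proto = int(data.get("Protocol", "-1"))
    return {
        "event_id": int(root.findtext("e:System/e:EventID", "0", NS)),
        "outcome": "failure" if keywords & AUDIT_FAILURE
                   else "success" if keywords & AUDIT_SUCCESS else "unknown",
        "image": data.get("Application", "").rsplit("\\", 1)[-1].lower(),
        "pid": int(data.get("ProcessId", "0")),
        "bind": f'{data.get("SourceAddress")}:{data.get("SourcePort")}',
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "layer": LAYER_NAMES.get(data.get("LayerName"), data.get("LayerName")),
        "filter_id": int(data.get("FilterRTID", "0")),
    }

def blocked_binds_by_process(events):
    """Count 5159 audit failures per (image, protocol) to show which process is noisy."""
    rows = (summarize(x) for x in events)
    return Counter((r["image"], r["protocol"]) for r in rows
                   if r["event_id"] == 5159 and r["outcome"] == "failure")
```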