Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.

Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe

Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17

Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Question by:LrdKanien
Accepted Solution

by:
mkbean earned 250 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
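
The fields of the event quoted in the question can be decoded with a short script, for anyone triaging how often and from which process these 5159 records appear. This is an added example, not part of the original thread, and it says nothing about the cause. The function names are illustrative, the sample is the question's XML reduced to the fields read, and the dynamic port range is assumed to be the Server 2008 default.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000   # standard Windows event keyword bits
AUDIT_SUCCESS = 0x0020000000000000
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IANA protocol numbers
DYNAMIC_PORTS = range(49152, 65536)  # assumption: Server 2008 default dynamic range

# The event from the question, cut down to the fields read below.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>5159</EventID><Keywords>0x8010000000000000</Keywords>
    <Computer>AD3.abacus-corp.com</Computer></System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
  </EventData>
</Event>"""

def parse_blocked_bind(xml_text):
    """Flatten one event 5159 record; return None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "5159":
        return None
    data = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    keywords = int(root.findtext("e:System/e:Keywords", namespaces=NS), 16)
    proto, port = int(data["Protocol"]), int(data["SourcePort"])
    return {
        "computer": root.findtext("e:System/e:Computer", namespaces=NS),
        "image": data["Application"].rsplit("\\", 1)[-1].lower(),
        "outcome": "Audit Failure" if keywords & AUDIT_FAILURE else
                   "Audit Success" if keywords & AUDIT_SUCCESS else "unknown",
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "port": port,
        "dynamic_port": port in DYNAMIC_PORTS,
        "filter_id": int(data["FilterRTID"]),
    }

def summarize(xml_events):
    """Count blocked binds per (image, protocol, filter ID) to show repeated sources."""
    rows = filter(None, map(parse_blocked_bind, xml_events))
    return Counter((r["image"], r["protocol"], r["filter_id"]) for r in rows)

if __name__ == "__main__":
    print(parse_blocked_bind(SAMPLE))
    print(summarize([SAMPLE, SAMPLE]).most_common())
```

Feed `summarize` the XML of each exported Security event to see whether the records cluster on one process and filter ID.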