Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
1
2,429 Views
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
 
Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe
 
Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17
 
Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Open in new window

0
Comment
Question by:LrdKanien
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 20

Accepted Solution

by:
mkbean earned 250 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question