Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
 
Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe
 
Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17
 
Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Question by:LrdKanien
1 Comment

Accepted Solution

by:
mkbean earned 250 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
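
An added example, not part of the original thread: a parser for exported Event XML of the shape shown in the question, which tallies 5159 records per process image, protocol and filter ID so you can see whether the audit failures all come from one process's binds. The names `parse_event` and `summarize_blocked_binds`, and the sample ports other than 50122, are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
AUDIT_FAILURE = 0x0010000000000000  # standard Security-log keyword bit
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA protocol numbers
LAYERS = {"%%14608": "Resource Assignment"}  # pairing visible in the question

# Constructed sample: the record from the question, trimmed, port made variable.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5159</EventID>
    <Keywords>0x8010000000000000</Keywords>
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\\device\\harddiskvolume1\\windows\\system32\\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">{port}</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
  </EventData>
</Event>"""

def parse_event(xml_text):
    """Flatten one Security-log <Event> into a dict of decoded fields."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    keywords = int(system.findtext("e:Keywords", namespaces=NS), 16)
    proto = int(data["Protocol"])
    return {
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "audit_failure": bool(keywords & AUDIT_FAILURE),
        "image": data["Application"].rsplit("\\", 1)[-1].lower(),
        "port": int(data["SourcePort"]),
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "layer": LAYERS.get(data["LayerName"], data["LayerName"]),
        "filter_id": int(data["FilterRTID"]),
    }

def summarize_blocked_binds(events):
    """Count 5159 records per (image, protocol, filter id); ports differ per bind."""
    return Counter((e["image"], e["protocol"], e["filter_id"])
                   for e in events if e["event_id"] == 5159)

if __name__ == "__main__":
    events = [parse_event(TEMPLATE.format(port=p)) for p in (50122, 50123, 50124)]
    print(summarize_blocked_binds(events))
```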