Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Windows Server 2008, DC, Security Logs Audit Failure

Posted on 2009-04-08
1
Medium Priority
?
2,452 Views
Last Modified: 2012-05-06
Why does it look like this event is saying that Windows is blocking itself from binding to a port?
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          4/8/2009 2:02:06 PM
Event ID:      5159
Task Category: Filtering Platform Connection
Level:         Information
Keywords:      Audit Failure
User:          N/A
Computer:      AD3.abacus-corp.com
Description:
The Windows Filtering Platform has blocked a bind to a local port.
 
Application Information:
	Process ID:		580
	Application Name:	\device\harddiskvolume1\windows\system32\lsass.exe
 
Network Information:
	Source Address:		0.0.0.0
	Source Port:		50122
	Protocol:		17
 
Filter Information:
	Filter Run-Time ID:	0
	Layer Name:		Resource Assignment
	Layer Run-Time ID:	36
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-a5ba-3e3b0328c30d}" />
    <EventID>5159</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>12810</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2009-04-08T21:02:06.411Z" />
    <EventRecordID>22879734</EventRecordID>
    <Correlation />
    <Execution ProcessID="4" ThreadID="84" />
    <Channel>Security</Channel>
    <Computer>AD3.abacus-corp.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="ProcessId">580</Data>
    <Data Name="Application">\device\harddiskvolume1\windows\system32\lsass.exe</Data>
    <Data Name="SourceAddress">0.0.0.0</Data>
    <Data Name="SourcePort">50122</Data>
    <Data Name="Protocol">17</Data>
    <Data Name="FilterRTID">0</Data>
    <Data Name="LayerName">%%14608</Data>
    <Data Name="LayerRTID">36</Data>
  </EventData>
</Event>

Open in new window

0
Comment
Question by:LrdKanien
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 20

Accepted Solution

by:
mkbean earned 1000 total points
ID: 24119010
It may be a bug.  Take a look at this thread from the MS Forums.
http://social.msdn.microsoft.com/forums/en-US/wfp/thread/774026e6-a771-418a-b531-22183ef399f8/

Brian
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question