View logon failures with computer identification

Posted on 2009-04-16
Medium Priority
Last Modified: 2013-12-06
I am looking for something that will give me details for logon failures on my 2008 domain controllers.  I need to see what computers are being used for these failures.  When I look at the event viewer, it does not give me the details I need.  I would like the name of the computer, but the IP address would do.  Am I not setting up the event viewer correctly or is there a product (not too expensive) that I can get?  I am having a problem with account lock outs and I need to know who is doing this.
Question by:jtennyson

Expert Comment

ID: 24161912
Account Lockouts can occur when some computers in the Active Directory Domain perform a DDos Attack due to lack of security patches.

We received a lot of account lockouts during the month of Feb & March, but most of them were resolved when we deployed the patches

KB 958644 - http://support.microsoft.com/kb/958644
KB 958687.- http://support.microsoft.com/kb/958644

I sincerely would suggest  you to patch all your workstations asap and also update whether you are currently hosting a WSUS Server in your Network

Author Comment

ID: 24166816
My workstations are patched.  Certain accounts are being locked out.  I need to be able to find out what computer is being used to try and log in under these accounts.

Accepted Solution

tilbard earned 2000 total points
ID: 24170702
Download the Account Lockout Tools from Microsoft.

The EventCombMT in particular is usefull. You can set it to search for events within a certain time period, and it has built-in queries for lockout events. It also will allow you to export to .CSV for easy searching.

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question