We run SBS2003 and I have been getting emails that read:
Subject Line: "Account Lockout (Event ID: 539) Alert on SERVER"
I then went to the SBS server to check out the Security event viewer and saw that event ID 539 occurred once but Event ID 529 has been occurring frequently. (See Attached picture for example).
There are multiple event ID 529 instances logged even today. The wierd thing is that each event logged notes a different username. If you will notice in picture1 where it says "Username: texas." The other event 529's look the same but all have different usernames, and these usernames are not at all anything like any valid username. Other examples of invalid usernames that are appearing are : q1w2e3, radio, pizza, piano (see picture 3)
1. What does this mean?
2. Is someone or some virus is making attempts to access our network?
3. Should I be concerned?
4. How can I track down and eliminate the source of this.
Thanks for your help!!