Solved

Failure Audit Event ID 537

Posted on 2009-07-03
7
4,602 Views
Last Modified: 2013-12-28

My Situation:
My Situation
Domain Server:  Windows server 2003 for Small Business Server Service Pack 2
Intel Xeon CPU 2.80Ghz and 3.62GB of Ram 1 Application server and


Windows XP Professional version 2002 Service Pack 3
Intel Pentium processor 2.80ghz and 1GB of ram
Intel(R) Pro/100 VE Network Card
I connect to company domain via Linksys workgroup switch.


Everyday for past month I get up to 98 occurrences of Event ID 537 and Event ID 529 see

below.  ID-537 is always from my login ID-529 is from several different logins.  I can log

into the network ok but after I've been on for 1-2 hours I begin loosing network

connectivity and the internet hangs or stops alltogether.  I have 13 other users on this

network and none are having this problem.  

Normally I have my workstation plugged into a workgroup switch which is shared by a unix

box.  I tried plugging the network cable directly into the wall port but same thing

happens. Can you tell me how to 1) find out what is causing this.  2) stop it from

happeninng?  3) fix the problem?

I've pasted event log entries below:



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            7/3/2009
Time:            10:00:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      Deanna
       Domain:            BEALEPRO
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002EE
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/1/2009
Time:            12:46:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      adminprog
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:08 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      admin
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.





Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:11 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:Bitadmin
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 24773808
0
 
LVL 18

Expert Comment

by:awawada
ID: 24797096
could i help you?
0
 

Author Comment

by:Bitadmin
ID: 24803461
Awawada,
Thanks for reply each link gave several possibilities and I had to read/try each one.  Unfortunately none worked/applied to my situation.  The 529/537 events occurr when I'm logged into the computer.   I suspect its some type of malware program because when my pc is turned off I do not get any of these in the event log.  Both the links state that the solution is to install the latest sp for windows server 2003 and XP professional.  I already have the latest sp for each installed.  Would appreciate any other suggestions as to how to track down the cause/fix for this.  Please let me know if any additional information about the problem is needed.
0
Master Your Team's Linux and Cloud Stack!

The average business loses $13.5M per year to ineffective training (per 1,000 employees). Keep ahead of the competition and combine in-person quality with online cost and flexibility by training with Linux Academy.

 
LVL 18

Assisted Solution

by:awawada
awawada earned 250 total points
ID: 24803525
0
 

Author Comment

by:Bitadmin
ID: 25061569
Thanks awawada.  I have already tried several antivirus/malware tools but found nothing.  Since this is our main domain server I have to schedule saturday to work so as not to disturb other employees.  will post next week as this saturday was available.  Thanks for your help.
0
 

Author Comment

by:Bitadmin
ID: 25061576
sorry I will try some of the links you gave above to see if they catch anything.  Thanks again
0
 

Accepted Solution

by:
Bitadmin earned 0 total points
ID: 25117704
Cannot find solution for this I will try to reword question to more specifically describe problem closing for now no points awarded
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developer portfolios can be a bit of an enigma—how do you present yourself to employers without burying them in lines of code?  A modern portfolio is more than just work samples, it’s also a statement of how you work.
An article on effective troubleshooting
The viewer will get a basic understanding of what section 508 compliance can entail, learn about skip navigation links, alt text, transcripts, and font size controls.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question