Solved

Failure Audit Event ID 537

Posted on 2009-07-03
7
4,562 Views
Last Modified: 2013-12-28

My Situation:
My Situation
Domain Server:  Windows server 2003 for Small Business Server Service Pack 2
Intel Xeon CPU 2.80Ghz and 3.62GB of Ram 1 Application server and


Windows XP Professional version 2002 Service Pack 3
Intel Pentium processor 2.80ghz and 1GB of ram
Intel(R) Pro/100 VE Network Card
I connect to company domain via Linksys workgroup switch.


Everyday for past month I get up to 98 occurrences of Event ID 537 and Event ID 529 see

below.  ID-537 is always from my login ID-529 is from several different logins.  I can log

into the network ok but after I've been on for 1-2 hours I begin loosing network

connectivity and the internet hangs or stops alltogether.  I have 13 other users on this

network and none are having this problem.  

Normally I have my workstation plugged into a workgroup switch which is shared by a unix

box.  I tried plugging the network cable directly into the wall port but same thing

happens. Can you tell me how to 1) find out what is causing this.  2) stop it from

happeninng?  3) fix the problem?

I've pasted event log entries below:



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            7/3/2009
Time:            10:00:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      Deanna
       Domain:            BEALEPRO
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002EE
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/1/2009
Time:            12:46:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      adminprog
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:08 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      admin
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.





Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:11 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:Bitadmin
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 24773808
0
 
LVL 18

Expert Comment

by:awawada
ID: 24797096
could i help you?
0
 

Author Comment

by:Bitadmin
ID: 24803461
Awawada,
Thanks for reply each link gave several possibilities and I had to read/try each one.  Unfortunately none worked/applied to my situation.  The 529/537 events occurr when I'm logged into the computer.   I suspect its some type of malware program because when my pc is turned off I do not get any of these in the event log.  Both the links state that the solution is to install the latest sp for windows server 2003 and XP professional.  I already have the latest sp for each installed.  Would appreciate any other suggestions as to how to track down the cause/fix for this.  Please let me know if any additional information about the problem is needed.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 18

Assisted Solution

by:awawada
awawada earned 250 total points
ID: 24803525
0
 

Author Comment

by:Bitadmin
ID: 25061569
Thanks awawada.  I have already tried several antivirus/malware tools but found nothing.  Since this is our main domain server I have to schedule saturday to work so as not to disturb other employees.  will post next week as this saturday was available.  Thanks for your help.
0
 

Author Comment

by:Bitadmin
ID: 25061576
sorry I will try some of the links you gave above to see if they catch anything.  Thanks again
0
 

Accepted Solution

by:
Bitadmin earned 0 total points
ID: 25117704
Cannot find solution for this I will try to reword question to more specifically describe problem closing for now no points awarded
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Although it can be difficult to imagine, someday your child will have a career of his or her own. He or she will likely start a family, buy a home and start having their own children. So, while being a kid is still extremely important, it’s also …
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now