Solved

Failure Audit Event ID 537

Posted on 2009-07-03
7
4,613 Views
Last Modified: 2013-12-28

My Situation:
My Situation
Domain Server:  Windows server 2003 for Small Business Server Service Pack 2
Intel Xeon CPU 2.80Ghz and 3.62GB of Ram 1 Application server and


Windows XP Professional version 2002 Service Pack 3
Intel Pentium processor 2.80ghz and 1GB of ram
Intel(R) Pro/100 VE Network Card
I connect to company domain via Linksys workgroup switch.


Everyday for past month I get up to 98 occurrences of Event ID 537 and Event ID 529 see

below.  ID-537 is always from my login ID-529 is from several different logins.  I can log

into the network ok but after I've been on for 1-2 hours I begin loosing network

connectivity and the internet hangs or stops alltogether.  I have 13 other users on this

network and none are having this problem.  

Normally I have my workstation plugged into a workgroup switch which is shared by a unix

box.  I tried plugging the network cable directly into the wall port but same thing

happens. Can you tell me how to 1) find out what is causing this.  2) stop it from

happeninng?  3) fix the problem?

I've pasted event log entries below:



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            7/3/2009
Time:            10:00:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      Deanna
       Domain:            BEALEPRO
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002EE
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/1/2009
Time:            12:46:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      adminprog
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:08 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      admin
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.





Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:11 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:Bitadmin
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 24773808
0
 
LVL 18

Expert Comment

by:awawada
ID: 24797096
could i help you?
0
 

Author Comment

by:Bitadmin
ID: 24803461
Awawada,
Thanks for reply each link gave several possibilities and I had to read/try each one.  Unfortunately none worked/applied to my situation.  The 529/537 events occurr when I'm logged into the computer.   I suspect its some type of malware program because when my pc is turned off I do not get any of these in the event log.  Both the links state that the solution is to install the latest sp for windows server 2003 and XP professional.  I already have the latest sp for each installed.  Would appreciate any other suggestions as to how to track down the cause/fix for this.  Please let me know if any additional information about the problem is needed.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 18

Assisted Solution

by:awawada
awawada earned 250 total points
ID: 24803525
0
 

Author Comment

by:Bitadmin
ID: 25061569
Thanks awawada.  I have already tried several antivirus/malware tools but found nothing.  Since this is our main domain server I have to schedule saturday to work so as not to disturb other employees.  will post next week as this saturday was available.  Thanks for your help.
0
 

Author Comment

by:Bitadmin
ID: 25061576
sorry I will try some of the links you gave above to see if they catch anything.  Thanks again
0
 

Accepted Solution

by:
Bitadmin earned 0 total points
ID: 25117704
Cannot find solution for this I will try to reword question to more specifically describe problem closing for now no points awarded
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An article on effective troubleshooting
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question