Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Failure Audit Event ID 537

Posted on 2009-07-03
7
Medium Priority
?
4,669 Views
Last Modified: 2013-12-28

My Situation:
My Situation
Domain Server:  Windows server 2003 for Small Business Server Service Pack 2
Intel Xeon CPU 2.80Ghz and 3.62GB of Ram 1 Application server and


Windows XP Professional version 2002 Service Pack 3
Intel Pentium processor 2.80ghz and 1GB of ram
Intel(R) Pro/100 VE Network Card
I connect to company domain via Linksys workgroup switch.


Everyday for past month I get up to 98 occurrences of Event ID 537 and Event ID 529 see

below.  ID-537 is always from my login ID-529 is from several different logins.  I can log

into the network ok but after I've been on for 1-2 hours I begin loosing network

connectivity and the internet hangs or stops alltogether.  I have 13 other users on this

network and none are having this problem.  

Normally I have my workstation plugged into a workgroup switch which is shared by a unix

box.  I tried plugging the network cable directly into the wall port but same thing

happens. Can you tell me how to 1) find out what is causing this.  2) stop it from

happeninng?  3) fix the problem?

I've pasted event log entries below:



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            7/3/2009
Time:            10:00:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      Deanna
       Domain:            BEALEPRO
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002EE
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/1/2009
Time:            12:46:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      adminprog
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:08 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      admin
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.





Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:11 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:Bitadmin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 18

Expert Comment

by:awawada
ID: 24797096
could i help you?
0
 

Author Comment

by:Bitadmin
ID: 24803461
Awawada,
Thanks for reply each link gave several possibilities and I had to read/try each one.  Unfortunately none worked/applied to my situation.  The 529/537 events occurr when I'm logged into the computer.   I suspect its some type of malware program because when my pc is turned off I do not get any of these in the event log.  Both the links state that the solution is to install the latest sp for windows server 2003 and XP professional.  I already have the latest sp for each installed.  Would appreciate any other suggestions as to how to track down the cause/fix for this.  Please let me know if any additional information about the problem is needed.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 18

Assisted Solution

by:awawada
awawada earned 1000 total points
ID: 24803525
0
 

Author Comment

by:Bitadmin
ID: 25061569
Thanks awawada.  I have already tried several antivirus/malware tools but found nothing.  Since this is our main domain server I have to schedule saturday to work so as not to disturb other employees.  will post next week as this saturday was available.  Thanks for your help.
0
 

Author Comment

by:Bitadmin
ID: 25061576
sorry I will try some of the links you gave above to see if they catch anything.  Thanks again
0
 

Accepted Solution

by:
Bitadmin earned 0 total points
ID: 25117704
Cannot find solution for this I will try to reword question to more specifically describe problem closing for now no points awarded
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Know the reasons and solutions to move/import EDB to New Exchange Server. Also, find out how to recover an Exchange .edb file and to restore the file back.
By default Outlook 2016 displays only one time zone in the Calendar. The following article explains how to display two time zones in one calendar view.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question