Solved

Failure Audit Event ID 537

Posted on 2009-07-03
Last Modified: 2013-12-28

My Situation:
Domain Server:  Windows server 2003 for Small Business Server Service Pack 2
Intel Xeon CPU 2.80Ghz and 3.62GB of Ram 1 Application server and


Windows XP Professional version 2002 Service Pack 3
Intel Pentium processor 2.80ghz and 1GB of ram
Intel(R) Pro/100 VE Network Card
I connect to company domain via Linksys workgroup switch.


Every day for the past month I get up to 98 occurrences of Event ID 537 and Event ID 529, see below. ID-537 is always from my login; ID-529 is from several different logins. I can log into the network OK, but after I've been on for 1-2 hours I begin losing network connectivity and the internet hangs or stops altogether. I have 13 other users on this network and none are having this problem.

Normally I have my workstation plugged into a workgroup switch which is shared by a Unix box. I tried plugging the network cable directly into the wall port but the same thing happens. Can you tell me how to 1) find out what is causing this, 2) stop it from happening, 3) fix the problem?

I've pasted event log entries below:



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      537
Date:            7/3/2009
Time:            10:00:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            An error occurred during logon
       User Name:      Deanna
       Domain:            BEALEPRO
       Logon Type:      3
       Logon Process:      Kerberos
       Authentication Package:      Kerberos
       Workstation Name:      -
       Status code:      0xC00002EE
       Substatus code:      0x0
       Caller User Name:      -
       Caller Domain:      -
       Caller Logon ID:      -
       Caller Process ID:      -
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:20 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      info
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            7/1/2009
Time:            12:46:05 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      adminprog
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:08 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      admin
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.





Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            6/29/2009
Time:            5:28:11 AM
User:            NT AUTHORITY\SYSTEM
Computer:      NTSERVER
Description:
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      test
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      NTSERVER
       Caller User Name:      NTSERVER$
       Caller Domain:      BEALEPRO
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      1860
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Question by:Bitadmin
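
An added example, not part of the original thread: it parses event text in the layout pasted in the question and groups the failures by Event ID, Logon Process and Caller Process ID, so that entries sharing one caller (here NTSERVER$, process ID 1860, for the 529 events) are listed together with the user names that were tried. The sample records are constructed by trimming the quoted entries, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: three records trimmed from the entries quoted in the question.
SAMPLE = """\
Event Type:      Failure Audit
Event ID:      537
       User Name:      Deanna
       Logon Process:      Kerberos
       Status code:      0xC00002EE
       Caller Process ID:      -
Event Type:      Failure Audit
Event ID:      529
       User Name:      info
       Logon Process:      Advapi
       Caller User Name:      NTSERVER$
       Caller Process ID:      1860
Event Type:      Failure Audit
Event ID:      529
       User Name:      admin
       Logon Process:      Advapi
       Caller User Name:      NTSERVER$
       Caller Process ID:      1860
"""

# "Name: value" lines; leading indentation and trailing padding are ignored.
FIELD = re.compile(r"^\s*([A-Za-z ]+?):[ \t]*(.*?)\s*$")

def parse_events(text):
    """Return one dict of field -> value per record; a record starts at 'Event Type:'."""
    events = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":
            events.append({})  # start of a new record
        if m and events:
            events[-1][m.group(1)] = m.group(2)
    return events

def failures_by_caller(events):
    """Group user names by (Event ID, Logon Process, Caller Process ID)."""
    groups = defaultdict(list)
    for ev in events:
        key = (ev.get("Event ID"), ev.get("Logon Process"), ev.get("Caller Process ID"))
        groups[key].append(ev.get("User Name"))
    return dict(groups)

for key, users in failures_by_caller(parse_events(SAMPLE)).items():
    print(key, users)
```
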

Expert Comment

by:awawada
ID: 24797096
Could I help you?

Author Comment

by:Bitadmin
ID: 24803461
Awawada,
Thanks for the reply. Each link gave several possibilities and I had to read/try each one. Unfortunately none worked/applied to my situation. The 529/537 events occur when I'm logged into the computer. I suspect it's some type of malware program because when my PC is turned off I do not get any of these in the event log. Both the links state that the solution is to install the latest SP for Windows Server 2003 and XP Professional. I already have the latest SP for each installed. Would appreciate any other suggestions as to how to track down the cause/fix for this. Please let me know if any additional information about the problem is needed.

Assisted Solution

by:awawada
awawada earned 1000 total points
ID: 24803525

Author Comment

by:Bitadmin
ID: 25061569
Thanks awawada. I have already tried several antivirus/malware tools but found nothing. Since this is our main domain server I have to schedule Saturday to work so as not to disturb other employees. Will post next week as this Saturday was available. Thanks for your help.

Author Comment

by:Bitadmin
ID: 25061576
Sorry, I will try some of the links you gave above to see if they catch anything. Thanks again.

Accepted Solution

by:Bitadmin
Bitadmin earned 0 total points
ID: 25117704
Cannot find solution for this. I will try to reword question to more specifically describe problem. Closing for now, no points awarded.