Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2167
  • Last Modified:

Multiple logon failures Advapi Logon type 5

Hello,  I have logon failures every minute in event viewer.  Logon type is 5, logon process advapi.  I traced the process id to services.exe.  I can't figure out which service is causing it. The username that it's using is a user's account on the domain.   I disabled FTP, sharepoint, and IIS services since they aren't being used anyway, and restarted the server.  Still no luck.  the Computer name is the server's name, but how can I trace which service is causing this?
0
Sean Rhudy
Asked:
Sean Rhudy
  • 3
  • 3
1 Solution
 
khaledfCommented:
can you explain more where are you getting this event? in domain controler?
can you see from which machine you are getting the failed logon attempt from?
0
 
Sean RhudyPresidentAuthor Commented:
I'm getting it on the domain controller, it's the only server.  It's coming from itself, the server.  It gives a process id of 416.  I used task manager and traced it to services.exe.  So it must be one of the services that is trying to authenticate but can't.  I checked all of the started services, and none of them are using this user account.  I'm not sure how to find out exactly which service is causing the issue.
0
 
Sean RhudyPresidentAuthor Commented:
It's the lsass.exe process that is causing the failure login events.  Could it be an lsass virus?
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
khaledfCommented:
have you changed the admin password recently?
go to services and you can see what services are using credentials of admin or any other user.
0
 
khaledfCommented:
can you also post event the details of the event log?
0
 
Sean RhudyPresidentAuthor Commented:
This ended up being a rogue service that was trying to login.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now