Solved

Event Viewer being flooded with success logs

Posted on 2010-09-10
11
418 Views
Last Modified: 2012-05-10
My backup DC  Win 2000 box is being inundated with success login event logs from workstations. Getting dozens a second over many times during the day.  I believe this has just started because my SQL server also seems to be slower than usual. Ran a network virus scan but nothing picked up.  Any ideas?
0
Comment
Question by:infranetsupport
  • 4
  • 4
  • 2
  • +1
11 Comments
 
LVL 1

Expert Comment

by:Alginald
ID: 33645975
Remove the auditiing of successful logins in auditing in the default domain controller group policy.
Open the default domain controller policy, navigate to Computer Configuration / Windows Settings / Security Sttings / Local Policy / Audit Policy and change the audit account logon events entry.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 33646001
If your backup dc is what everyone is using for authentication then you will see this.  

You can turn off the success logs if you don't want to see them by right clicking the security log in eventviewer and then choosing filter and unchecking success audit.

With SQL and Outlook and anything else clients will authenticate constantly with your dc.  That would give you success logs assuming everything is working like it should.
0
 

Author Comment

by:infranetsupport
ID: 33646002
I dont want to remove the successful logins, i suspect there is an issue. what would cause my server to log so many audits, like 30, in a second?
0
 
LVL 1

Expert Comment

by:Alginald
ID: 33646042
Is there any more information in the event entry, which workstation, which user, etc?
0
 
LVL 10

Expert Comment

by:duffman76
ID: 33646224
If they all point to one user then that could be an issue.  If it is multiple users and workstations it could be any number of things.  You should try and see if you can limit your scope and find similarities in all the messages.
0
Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 

Author Comment

by:infranetsupport
ID: 33646249
Ive narrowed it down to two users but they are thin clients that login into citrix.  all the event log messages are simple successful login messages for one user to a workstation.
0
 

Author Comment

by:infranetsupport
ID: 33646475
It seems like the logins keep happening over and over again all day long.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 33647503
Is the workstation having a connection issue or does it have any software on it that may try to authenticate constantly.  
0
 

Author Comment

by:infranetsupport
ID: 33675467
THe workstations are thin clients and i believe wouldnt work very well at all if connection was at all lost. there is no special software running that would authenticate a lot. The TS clients all pretty much access a SQL server.
0
 
LVL 10

Expert Comment

by:duffman76
ID: 33676370
If the sql database is using windows authentication they could authenticate each time they try to access a table or any part of the database.  
0
 
LVL 4

Accepted Solution

by:
HRL earned 500 total points
ID: 33758628
This may be a setting on the Citrix machines called session sharing. check out the following link for advice on forcing session sharing effectively.

http://support.citrix.com/article/CTX118579
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Registry Error Stop 0X0000051 3 2,783
Question about teaming two NIC's on Server 2012 2 568
Software to report on NTFS folder permissions? 2 478
Windows  Active Directory  Quesiton 8 118
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Some code to ensure data integrity when using macros within Excel. Also included code that helps secure your data within an Excel workbook.
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now