alan-blair
asked on
How to troubleshoot failed login attempts on an MS Server
I have a client who gets a lot of reported failed login attempts with no user name on their server. Is there any way I can track which PC or service these attempts come from?
Server: SBS 2003
Report example, (23 events for this day):
-------------------------- ----
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC0000133
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.62
Source Port: 3789
-------------------------- ---------- -
Server: SBS 2003
Report example, (23 events for this day):
--------------------------
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC0000133
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.62
Source Port: 3789
--------------------------
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
mugojava pointed out the obvious. I guess I was steering at the screen to long to see what was in front of me.
Been there, done that! Kinda gettin' the stares today... :) glad I could help.
ASKER
Well, I should have seen that shouldn't I... Too quick to post a question without looking at the detail.
Thanks,
Alan Blair.