<div>
Thanks, I'll check out the logfiles.
</div>


<div>
<div class="content wysiwyg-content">
I've had a lot of failed login lately via RWW on our SBS 2008 server. I find these in the Event Security log under event ID 4771 and I have a task created to send me a message when failures occur.<br />
<br />
If someone on the local domain fails, the event shows a Client Address as one of the LAN workstations. However, for some questionable failures, the IP address is ::1. Clearly this tells me nothing. Is there a way to see the actual IP address from where this attempt is originating?
</div>
</div>


I've had a lot of failed login lately via RWW on our SBS 2008 server. I find these in the Event Security log under event ID 4771 and I have a task created to send me a message when failures occur.

If someone on the local domain fails, the event shows a Client Address as one of the LAN workstations. However, for some questionable failures, the IP address is ::1. Clearly this tells me nothing. Is there a way to see the actual IP address from where this attempt is originating?

How to determine source of failed login for Remote Web Workplace

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).

Remote access may refer to the connection to a data-processing system from a remote location, for example through a virtual private network remote desktop software, terminal emulation, or the activation of features of a business telephone system from outside the business's premises.