Solved

Multiple failed logon attempts from "Windows Manager\DWM-#"

Posted on 2014-09-15
3
8,298 Views
Last Modified: 2014-10-24
Hello,
During a recent network audit, we noticed that Windows 8, and server2012 machines have multiple failed logon attempts from the users "Window Management\DWM-1" (-2 -3 etc). After a bit of research I have found multiple articles on the Desktop Windows Manager hogging resources, or failing to start, but I cannot seem to find anyone who has experienced (or noticed) that these service accounts are creating failed logon attempts. I was hoping someone might be able to shed some light on this.
0
Comment
Question by:CCtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:Rob Miners
ID: 40324773
If you are using McAfee Agent (MA) 4.8 P1 check this link for relevent information.
https://kc.mcafee.com/corporate/index?page=content&id=KB81557

Because of Desktop Window Manager (DWM-X is the command), Agent-to-Server Connection (ASC) fails on Windows 2012 R2 servers and Windows 8 clients.
NOTE: The -X entry above is a random number for a user that Desktop Windows Manager creates.

Examples:
 window manager\dwm-1
 window manager\dwm-2
 window manager\dwm-3
 window manager\dwm-4

And this one for an update
https://kc.mcafee.com/corporate/index?page=content&id=KB56057
0
 
LVL 1

Author Comment

by:CCtech
ID: 40333058
Thank you for the reply Rob. Unfortunately, we are not using any mcafee products.
0
 
LVL 14

Accepted Solution

by:
Rob Miners earned 500 total points
ID: 40334078
Check with Task Manager on one of the systems for Users logged on as dwm-1, dwm-2, dwm-3 etc..
Then do a Clean Boot re applying items until you find out what software is causing the dwm user sessions.
https://support.microsoft.com/kb/929135/en-us

ref# http://social.technet.microsoft.com/Forums/windows/en-US/29a96616-c942-4d33-9a0b-c4fa5a20c6b4/why-is-desktop-windows-manager-12345-or-6-in-task-manager-in-windows-8?forum=w8itprosecurity#79974b8e-2ac1-438f-8527-80c5b7074ade

Also on a system with the problems run this command line and check the output

Type or copy/paste the below commands and then press the Enter key after each command.

wevtutil qe application "/q:*[System[(EventID=1000)]]" /rd:true /f:text /c:25 > "%userprofile%\Desktop"\EventID1000.txt

note: check for "Source: Application Error"

wevtutil qe application "/q:*[System[(EventID=1001)]]" /rd:true /f:text /c:25 > "%userprofile%\Desktop"\EventID1001.txt

note: check for "Event Name: AppHang"

Check the files for clues that may lead to a solution to your problem.

Also ensure that you have the latest device drivers installed.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Ready for our next Course of the Month? Here's what's on tap for June.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question