Solved

Multiple failed logon attempts from "Windows Manager\DWM-#"

Posted on 2014-09-15
3
7,420 Views
Last Modified: 2014-10-24
Hello,
During a recent network audit, we noticed that Windows 8, and server2012 machines have multiple failed logon attempts from the users "Window Management\DWM-1" (-2 -3 etc). After a bit of research I have found multiple articles on the Desktop Windows Manager hogging resources, or failing to start, but I cannot seem to find anyone who has experienced (or noticed) that these service accounts are creating failed logon attempts. I was hoping someone might be able to shed some light on this.
0
Comment
Question by:CCtech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 14

Expert Comment

by:Rob Miners
ID: 40324773
If you are using McAfee Agent (MA) 4.8 P1 check this link for relevent information.
https://kc.mcafee.com/corporate/index?page=content&id=KB81557

Because of Desktop Window Manager (DWM-X is the command), Agent-to-Server Connection (ASC) fails on Windows 2012 R2 servers and Windows 8 clients.
NOTE: The -X entry above is a random number for a user that Desktop Windows Manager creates.

Examples:
 window manager\dwm-1
 window manager\dwm-2
 window manager\dwm-3
 window manager\dwm-4

And this one for an update
https://kc.mcafee.com/corporate/index?page=content&id=KB56057
0
 
LVL 1

Author Comment

by:CCtech
ID: 40333058
Thank you for the reply Rob. Unfortunately, we are not using any mcafee products.
0
 
LVL 14

Accepted Solution

by:
Rob Miners earned 500 total points
ID: 40334078
Check with Task Manager on one of the systems for Users logged on as dwm-1, dwm-2, dwm-3 etc..
Then do a Clean Boot re applying items until you find out what software is causing the dwm user sessions.
https://support.microsoft.com/kb/929135/en-us

ref# http://social.technet.microsoft.com/Forums/windows/en-US/29a96616-c942-4d33-9a0b-c4fa5a20c6b4/why-is-desktop-windows-manager-12345-or-6-in-task-manager-in-windows-8?forum=w8itprosecurity#79974b8e-2ac1-438f-8527-80c5b7074ade

Also on a system with the problems run this command line and check the output

Type or copy/paste the below commands and then press the Enter key after each command.

wevtutil qe application "/q:*[System[(EventID=1000)]]" /rd:true /f:text /c:25 > "%userprofile%\Desktop"\EventID1000.txt

note: check for "Source: Application Error"

wevtutil qe application "/q:*[System[(EventID=1001)]]" /rd:true /f:text /c:25 > "%userprofile%\Desktop"\EventID1001.txt

note: check for "Event Name: AppHang"

Check the files for clues that may lead to a solution to your problem.

Also ensure that you have the latest device drivers installed.
0

Featured Post

Now Available: Firebox Cloud for AWS and FireboxV

Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS).

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Smart phones, smart watches, Bluetooth-connected devices—the IoT is all around us. In this article, we take a look at the security implications of our highly connected world.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question