R W asked:

An account failed to log on (security monitoring)

We have this monitoring program called EIQ and it logs events like these. But I'm having a hard time understanding this. Does this say our Administrator account is the problem here? All of us fail sometimes at the first attempt to log into a system as the admin but I'm not sure why all of a sudden it is logging an event like this. I would think a failed admin account would show up more often in reports.

Raw Event: 10Hostwindows08/13/2015 10:14:14uid=domaincontroller ip=10.2.2.5 hostname=domaincontroller ec=529 et=Failure Audit facility=security source=Security sev=failure npri=1 msg="Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: WORKSTATIONID Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: WORSTATIONID Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.2.2.199 Source Port: 0 Caller Process Name: (null)" sip=10.2.2.199 sport=0 dip=10.2.2.5 user=administrator logondomain=WORKSTATIONID logonwrkst=WORKSTATIONID process=(null) domain=workstationid auth-method=NtLmSsp shortdesc=Logon Failure. Reason: Unknown user name or bad password. authtype=NTLM logontype=Network ecat=Authentication ecatsubcat=Logon ecatresult=Failure alertrule=Rule 1 node-group=managed
Paul MacDonald
Asker-certified solution (text available to members only)

Aland Coons

Check for services running with administrator credentials.

When the administrator password changes, the services will fail to start until the password is updated again. Using an administrator account for running a service is insecure, as you want to provide the least permissions required. Try setting up a service account with the necessary permissions.
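
To see which host and account are producing the failures, the key=value fields of a raw event like the one quoted in the question can be parsed and grouped by source address (sip), user and logon type. The Python below is an added example, not part of the original thread or of the EIQ product; the field names are taken from the quoted event, the sample lines are constructed, and the success event (ec=540) and the second source address are assumptions used only to show filtering.

```python
import re
from collections import Counter

# A value is either "quoted" or runs up to the next " key=" (values may contain spaces).
PAIR = re.compile(r'([A-Za-z][\w-]*)=(?:"([^"]*)"|(.*?))(?=\s+[A-Za-z][\w-]*=|\s*$)')

def parse_event(line):
    """Return the key=value fields of one raw event line as a dict."""
    return {k: (q if q else b.strip()) for k, q, b in PAIR.findall(line)}

def failed_logons(lines):
    """Count logon failures (ec=529) per (source IP, user, logon type)."""
    counts = Counter()
    for line in lines:
        f = parse_event(line)
        if f.get("ec") == "529" and f.get("ecatresult") == "Failure":
            key = (f.get("sip", "?"), f.get("user", "?").lower(), f.get("logontype", "?"))
            counts[key] += 1
    return counts

# Constructed sample lines, shortened from the event quoted in the question.
MSG = ('msg="Logon Failure: Reason: Unknown user name or bad password '
       'User Name: administrator Logon Type: 3"')
SAMPLE = [
    "10Hostwindows08/13/2015 10:14:14uid=domaincontroller ip=10.2.2.5 ec=529 "
    "et=Failure Audit " + MSG + " sip=10.2.2.199 user=administrator "
    "logontype=Network ecatresult=Failure alertrule=Rule 1 node-group=managed",
    "10Hostwindows08/13/2015 10:14:44uid=domaincontroller ip=10.2.2.5 ec=529 "
    "et=Failure Audit " + MSG + " sip=10.2.2.199 user=Administrator "
    "logontype=Network ecatresult=Failure",
    # Constructed success event: must not be counted.
    "10Hostwindows08/13/2015 10:15:02uid=domaincontroller ip=10.2.2.5 ec=540 "
    "et=Success Audit sip=10.2.2.199 user=administrator "
    "logontype=Network ecatresult=Success",
    # Constructed failure from a different (hypothetical) source and user.
    "10Hostwindows08/13/2015 10:16:30uid=domaincontroller ip=10.2.2.5 ec=529 "
    "et=Failure Audit sip=10.2.2.50 user=jsmith "
    "logontype=Network ecatresult=Failure",
]

if __name__ == "__main__":
    for (sip, user, ltype), n in failed_logons(SAMPLE).most_common():
        print(f"{n:3d} failures  source={sip}  user={user}  logontype={ltype}")
```

The source address with the highest count is the machine on which to look for a service or stored credential that still uses an old administrator password.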