Start Free TrialLog in
Avatar of R W
R WFlag for United States of America

asked on 

An account failed to log on (security monitoring)

We have this monitoring program called EIQ and it logs events like these. But I'm having a hard time understanding this. Does this say our Administrator account is the problem here? All of us fail sometimes at the first attempt to log into a system as the admin but I'm not sure why all of a sudden it is logging an event like this. I would think a failed admin account would show up more often in reports.

Raw Event: 10Hostwindows08/13/2015 10:14:14uid=domaincontroller ip=10.2.2.5 hostname=domaincontroller ec=529 et=Failure Audit facility=security source=Security sev=failure npri=1 msg="Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: WORKSTATIONID Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: WORSTATIONID Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.2.2.199 Source Port: 0 Caller Process Name: (null)" sip=10.2.2.199 sport=0 dip=10.2.2.5 user=administrator logondomain=WORKSTATIONID logonwrkst=WORKSTATIONID process=(null) domain=workstationid auth-method=NtLmSsp shortdesc=Logon Failure. Reason: Unknown user name or bad password. authtype=NTLM logontype=Network ecat=Authentication ecatsubcat=Logon ecatresult=Failure alertrule=Rule 1 node-group=managed
Security
Avatar of undefined
Last Comment
Aland Coons
ASKER CERTIFIED SOLUTION
Avatar of Paul MacDonald
Paul MacDonald
Flag of United States of America image
Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Aland Coons
Aland Coons
Flag of United States of America image
Check for services running with administrator credentials.  

When the administrator password changes the services will fail to start until the password is updated again.   Using an administrator account for running a service is insecure as you want to provide the least permissions required.   Try setting up a service account with the necessary permissions.
Security
Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection. Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

32K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts

  • "Invaluable tool for our organization"

    Josh Regalski

  • "Your help has saved me hundreds of hours of internet surfing."

    @fblack61

  • "Just a dang good service!"

    @golferski

  • "Worth every penny."

    Steve Hougom

  • "It’s been a life saver."

    Maria Halt

  • "Best support site I’ve seen!"

    Bob Schneider

  • "I would be lost without them."

    @fblack61

  • "Saved my job multiple times."

    Walt Forbes

  • "I love this site."

    Maria Duwe

  • "Friendly respectful help."

    Andrew Kowtalo

  • "Such top-notch experts."

    @magento

  • "The best money I have ever spent."

    @rwheeler23

  • "Beyond any comprehensible value"

    George Morris

  • "Invaluable tool for our organization"

    Josh Regalski

Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo
© 1996-2023 Experts Exchange, LLC. All rights reserved. Covered by US Patent