Link to home
Create AccountLog in
Avatar of sglee
sglee

asked on

BEUSER

Hi,
 
 I have a Windows 2008 server (domain joined). As you can see in the events listed below, unknown user account 'beuser' has successfully logged in to Terminal server from IP address Network Address:      85.31.101.229 using Port#      50227 with Workstation Name "ШУРА-ПК".
 Clearly this user name BEUSER does not exist in Active Directory. When I run IP Trace, It says: Continent:      Europe (EU) Country:      Latvia and we don't have any computer user living outside US.

 How is it possible for anyone to log in wit this user account?
 Is the port# 50227 is designed to accept BEUSER?

 I have Linksys Router that does NAT and port forwarding and I run Backup Exec software on the Domain Controller.

 Can you help?

-----------------------------------------------
An account was successfully logged on.

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

New Logon:
      Security ID:            Domain_Name\BEUser
      Account Name:            BEUser
      Account Domain:            NHECO
      Logon ID:            0x147e7e
      Logon GUID:            {00000000-0000-0000-0000-000000000000}

Process Information:
      Process ID:            0x0
      Process Name:            -

Network Information:
      Workstation Name:      ШУРА-ПК
      Source Network Address:      -
      Source Port:            -

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      NTLM V2
      Key Length:            128
-----------------------------------------------------------------
Network Information:
      Network Address:      85.31.101.229
      Port:                  50227
-------------------------------------------------------------
ASKER CERTIFIED SOLUTION
Avatar of Cliff Galiher
Cliff Galiher
Flag of United States of America image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Avatar of sglee
sglee

ASKER

My bad. BEUSER is in Active Directory.
Can I block access from IP address 85.31.101.229 and shut down port number 50227?
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
SOLUTION
Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.