troubleshooting Question
BEUSER
Hi,
I have a Windows 2008 server (domain joined). As you can see in the events listed below, unknown user account 'beuser' has successfully logged in to Terminal server from IP address Network Address: 85.31.101.229 using Port# 50227 with Workstation Name "ШУРА-ПК".
Clearly this user name BEUSER does not exist in Active Directory. When I run IP Trace, It says: Continent: Europe (EU) Country: Latvia and we don't have any computer user living outside US.
How is it possible for anyone to log in wit this user account?
Is the port# 50227 is designed to accept BEUSER?
I have Linksys Router that does NAT and port forwarding and I run Backup Exec software on the Domain Controller.
Can you help?
--------------------------
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: Domain_Name\BEUser
Account Name: BEUser
Account Domain: NHECO
Logon ID: 0x147e7e
Logon GUID: {00000000-0000-0000-0000-0
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ШУРА-ПК
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128
--------------------------
Network Information:
Network Address: 85.31.101.229
Port: 50227
--------------------------
I have a Windows 2008 server (domain joined). As you can see in the events listed below, unknown user account 'beuser' has successfully logged in to Terminal server from IP address Network Address: 85.31.101.229 using Port# 50227 with Workstation Name "ШУРА-ПК".
Clearly this user name BEUSER does not exist in Active Directory. When I run IP Trace, It says: Continent: Europe (EU) Country: Latvia and we don't have any computer user living outside US.
How is it possible for anyone to log in wit this user account?
Is the port# 50227 is designed to accept BEUSER?
I have Linksys Router that does NAT and port forwarding and I run Backup Exec software on the Domain Controller.
Can you help?
--------------------------
An account was successfully logged on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: Domain_Name\BEUser
Account Name: BEUser
Account Domain: NHECO
Logon ID: 0x147e7e
Logon GUID: {00000000-0000-0000-0000-0
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: ШУРА-ПК
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V2
Key Length: 128
--------------------------
Network Information:
Network Address: 85.31.101.229
Port: 50227
--------------------------
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 4 Comments.
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.