Link to home
Start Free TrialLog in
Avatar of Sheldon Livingston
Sheldon LivingstonFlag for United States of America

asked on

Failed login attempts found in log

My server 2003 machine is logging hundreds and hundreds of event 529 in the security log... failed log in attempt.

The logon type is 3... network type.  The workstation is the server itself.

What would this mean?
ASKER CERTIFIED SOLUTION
Avatar of Dr. Klahn
Dr. Klahn

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Naveen Sharma
Naveen Sharma

May be someone trying to brute force their way in.

Some common causes for invalid logon events:
- Forgotten passwords, someone is entering the wrong password.
- An unauthorized individual is trying to gain access to the network.
- There is a persistent network connection with an invalid password.
- There is a service using a user account with an invalid password.
- Trust relationship has been broken.


https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=529
http://www.eventid.net/display.asp?eventid=529&eventno=1&source=Security&phase=1
https://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/
Avatar of Sheldon Livingston

ASKER

At the end of the day we have something in the ether trying to log into our remote server.