LSASRV - Event ID 40968...

Guest

Seeing the following event being logged on our servers, when a Security
(Vulnerability) scan is run in the environment. Is there any way to prevent
these events from being logged/reported?

40968,WARNING,LSASRV,Sun Feb xx xx:xx:xx 2006,No User,The Security System
has received an authentication request that could not be decoded. The
request has failed.
 
Roger Abell [MVP]

I doubt that there is a way, at least not without disabling more
than you would want disabled.
I also am left wondering why as these are intended to clue the
admin that something is amiss - either an intentional attempt to
"plug up" or compromise the correct function of the (arguably)
most critical subsystem, or an unintended client in error state.
 
Guest

Agree on the fact that this event is informational as in when an intentional
attempt is made, an Admin needs to be notified, but, if there are known
reasons why this event is being logged, is there any way we can tune or better
perform the Security scan to prevent this alert from being logged? Wouldn't
this event be tagged/trigger an event in the MOM console (we are yet to
deploy MOM though)...
 
Roger Abell [MVP]

There may be some logging level reg key LSA will respect
but you would need to search it out, if there is public doc
of it, unless someone knows and posts of it.
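
An added example, not part of the thread or any poster's code: instead of suppressing the event, this script parses exported lines in the layout quoted in the first post and separates 40968 events that coincide with a known scan window from those that do not. The scan window, the sample lines, and the function names are constructed assumptions.

```python
from datetime import datetime

# Constructed scan schedule (start, end); substitute the scanner's real windows.
SCAN_WINDOWS = [(datetime(2006, 2, 5, 1, 0), datetime(2006, 2, 5, 3, 0))]

MSG = ("The Security System has received an authentication request "
       "that could not be decoded. The request has failed.")
# Constructed sample lines in the layout quoted in the thread:
# id,level,source,timestamp,user,message
SAMPLE = [
    "40968,WARNING,LSASRV,Sun Feb 05 01:17:42 2006,No User," + MSG,
    "40968,WARNING,LSASRV,Sun Feb 05 14:03:10 2006,No User," + MSG,
    "40960,WARNING,LSASRV,Sun Feb 05 01:20:00 2006,No User,constructed, unrelated",
    "40968,WARNING,LSASRV,Sun Feb xx xx:xx:xx 2006,No User," + MSG,  # masked
]


def parse_line(line):
    """Return the event as a dict, or None if the line is malformed or masked."""
    parts = line.strip().split(",", 5)  # maxsplit keeps commas inside the message
    if len(parts) != 6:
        return None
    event_id, level, source, stamp, user, message = parts
    try:
        return {"id": int(event_id), "level": level, "source": source,
                "when": datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y"),
                "user": user, "message": message}
    except ValueError:
        return None


def triage(lines, windows=SCAN_WINDOWS):
    """Bucket LSASRV 40968 events by whether they fall inside a scan window.

    Correlation is by time only: the exported line carries no client address,
    so "expected" means "coincides with a scan", not "proven to be the scanner".
    """
    result = {"expected": [], "review": [], "unparsed": []}
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            result["unparsed"].append(line)  # never silently drop these
        elif ev["source"] == "LSASRV" and ev["id"] == 40968:
            hit = any(start <= ev["when"] <= end for start, end in windows)
            result["expected" if hit else "review"].append(ev)
    return result


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, len(items))
```

Events in the "review" bucket occurred outside any scheduled scan and are the ones worth an admin's attention.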
 
