Password checking is running-please help



Hi people,
I get lot of these on my Windows 2000 server:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 2006-04-14
Time: 06:01:51
Computer: OSTGOTA
Logon Failure:
Reason: Unknown user name or bad password
User Name: Admin
Domain: RM1043
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: RM1043

Any ideas guys, how to dig more about this. I get these almost every minute.

Steven L Umbach

Is the server a domain controller? If it is that might not be unusual if
there are domain clients using XP Pro that have not upgraded to SP2 and the
user is logging on with a local computer account. The link below explains
more. If it is not a domain controller then you may have someone from
computer RM1043 trying to access the administrator account on your server.
Do you recognize computer named RM1043 as being a computer on your
etwork? --- Steve;en-us;811082

Steven L Umbach

OK. Do you recognize and of the computer names? What is the server used for?
How long have these events been appearing in the log? I would double check
your firewall configuration to make sure that only needed services are
enabled and exposed to the network adapters. In a pinch you could use one of
the self scan sites to make sure that you do not have unneeded ports open
such as file and print sharing such as at ---
.. Make sure file and print sharing is disabled on the external network
adapter. MBSA can help check for some vulnerabilities on your server if you
have not used it before. --- Steve --- MBSA

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question