Password checking is running-please help

[Guest]

Hi people,
I get lot of these on my Windows 2000 server:
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 2006-04-14
Time: 06:01:51
User: NT AUTHORITY\SYSTEM
Computer: OSTGOTA
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: Admin
Domain: RM1043
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: RM1043

Any ideas guys, how to dig more about this. I get these almost every minute.

 

[Steven L Umbach]

Is the server a domain controller? If it is that might not be unusual if
there are domain clients using XP Pro that have not upgraded to SP2 and the
user is logging on with a local computer account. The link below explains
more. If it is not a domain controller then you may have someone from
computer RM1043 trying to access the administrator account on your server.
Do you recognize computer named RM1043 as being a computer on your
etwork? --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;811082

 

[Guest]

Hi Steve,

No, server is SA, on DMZ.

Sincerely yours,
Zeraldin

 

[Steven L Umbach]

OK. Do you recognize and of the computer names? What is the server used for?
How long have these events been appearing in the log? I would double check
your firewall configuration to make sure that only needed services are
enabled and exposed to the network adapters. In a pinch you could use one of
the self scan sites to make sure that you do not have unneeded ports open
such as file and print sharing such as at --- http://scan.sygatetech.com/
.. Make sure file and print sharing is disabled on the external network
adapter. MBSA can help check for some vulnerabilities on your server if you
have not used it before. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA