4

Lots of Logon/Logoff events in the event viewer windows 2003

view full story
linux-howto

http://serverfault.com – I seem to be getting a lot of these entries in the Security event viewer. Around 8-12 every hour. I am wondering if a) I should be worried about it? or b) what actually is going on, Can anyone help? Type: Success Audit Source: Security Category: Logon/Logoff User: Network Service or IUSR_WIN2003 Logon attempt using explicit credentials: Logged on user: User Name: NETWORK SERVICE Domain: NT AUTHORITY Logon ID: (0x0,0x3E4) Logon GUID: - User whose credentials were used: Target User Name: IUSR_WIN2003 Target Domain: WILDEBB1 Target Logon GUID: - Ta (HowTos)

taskli's picture
Submitted by taskli on 06/06/2012 – Made popular on 06/06/2012

Stories similar to Lots of Logon/Logoff events in the event viewer windows 2003

One of my domain controllers is an abnormally large number of windows auditing events. The common thread I have been able to identify is that 90% of these logs share a common logon guid.

These events are being generated at about 500 a minute, 3 minutes in a row, four minutes off, then restarting the loop. The user SID referenced is SYSTEM.

I have a WCF service hosted in IIS that must connect to the SQL server using Integrated Security = SSPI;

So I've created a new application pool in IIS, and in the Advanced Settings / Identity, I've given IIS the credentials of the domain account I'd like it to use.

When i try and make a call to my service, I'm getting the following error:

Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.

When I go to the logon screen, it only give me the option for my local account, guest account or remote account. I have my Ubuntu 12.10 box joined to an AD domain with Likewise-open. I can login with my AD credentials via SSH, but how do I get into the desktop?

UPDATE - Ok, so it seems that it added my AD user automatically? All of a sudden it appeared in the list.

I am getting about 200k of these an hour:

An account failed to log on.

Subject: Security ID: SYSTEM Account Name: TGSERVER$ Account Domain: WORKGROUP Logon ID: 0x3e7

Logon Type: 4

Account For Which Logon Failed: Security ID: NULL SID Account Name: administrator Account Domain: TGSERVER

Failure Information:

I have an application that uses files on a network drive (K:) that normally is connected during user logon via net use K: \myserver\myshare .... The same files should be accessed by a windows service installed on a server. But the service doesn't fire a logon script, obviously.

I need to create a bidirectional trust between two Active Directory domains. But management is worried that users will be puzzled out when seeing another domain name in the drop-down list in the Windows logon screen (many of them use Windows XP), and that help desk calls for failed logins due to having selected the wrong domain will skyrocket.

I've been noticing recurring failed logon attempts onto our SQL server. It happens every minute with the same login. An example from the log file viewer

10/18/2011 13:54:50,Logon,Unknown,Login failed for user 'LOLZOR\lolsqlserver'.

In an active directory domain I'd like to have some PCs assigned to single people. For example on computer_a, the only people allowed to logon should be person_a plus the various administrators.

One common solution I found is to use the Logon Locally GPO, but this would require creating a new GPO and OU for each computer, as each computer would be assigned to a different user.

The installation is a Windows 2008 R2 server with an Exchange 2010. I am trying to install BESX on it, for which a user account is needed to login on the domain controller and run the installer. I keep getting:

The User Profile Service failed the logon.