Strange failure audit in 2003 R2 X64 SP2
Posted
by Az
on Server Fault
See other posts from Server Fault
or by Az
Published on 2009-12-16T19:30:26Z
Indexed on
2010/04/02
1:03 UTC
Read the original article
Hit count: 380
windows-server-2003
our server is running 2003 R2 X64 SP2, we keep seeing this in clusters of around 4 rapid fire. Sometimes 2 hours, sometimes around 8 hours apart with slight variations. I am also seeing the same blank username and domain in an account locked out message, I have tried disabling all scheduled tasks, if anyone has any idea please let me know! I find these processes running out of svc host:
AeLookupSvc, AppMgmt, BITS, Browser, CryptSvc, dmserver, EventSystem, helpsvc, IAS, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, winmgmt, wuauserv, WZCSVC
Logon Failure:
Reason: Account currently disabled
User Name:
Domain:
Logon Type: 3
Logon Process: Authz
Authentication Package: Kerberos
Workstation Name: PPCLUBES_TS
Caller User Name: PPCLUBES_TS$
Caller Domain: PPCLUBES
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 928
Transited Services: -
Source Network Address: -
Source Port: -
© Server Fault or respective owner