Strange failure audit in 2003 R2 X64 SP2

Posted by Az on Server Fault See other posts from Server Fault or by Az
Published on 2009-12-16T19:30:26Z Indexed on 2010/04/02 1:03 UTC
Read the original article Hit count: 380

Filed under:

our server is running 2003 R2 X64 SP2, we keep seeing this in clusters of around 4 rapid fire. Sometimes 2 hours, sometimes around 8 hours apart with slight variations. I am also seeing the same blank username and domain in an account locked out message, I have tried disabling all scheduled tasks, if anyone has any idea please let me know! I find these processes running out of svc host:

AeLookupSvc, AppMgmt, BITS, Browser, CryptSvc, dmserver, EventSystem, helpsvc, IAS, lanmanserver, lanmanworkstation, Netman, Nla, RasMan, Schedule, seclogon, SENS, SharedAccess, ShellHWDetection, winmgmt, wuauserv, WZCSVC

Logon Failure: Reason: Account currently disabled
User Name:

Domain:
Logon Type: 3
Logon Process: Authz

Authentication Package: Kerberos
Workstation Name: PPCLUBES_TS
Caller User Name: PPCLUBES_TS$
Caller Domain: PPCLUBES
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 928
Transited Services: -
Source Network Address: -
Source Port: -

© Server Fault or respective owner

Related posts about windows-server-2003