event id 529 after password change
|
From: Claus on 4 Aug 2010 09:06 Hi all, For security reasons we had to change the admin password on an SBS2003 box. Since then we are getting thousands of 529 errors from the workstations. They all look like this: Source security Category Logon/logiff Event ID 529 User NT Authority\System Logon Failure: Reason: Unknown user name or bad password User Name: administrator Domain: TTOWNSEND01 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: TTOWNSEND01 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: - Source Port: - Any idea what could be the cause? At first we also got a policy execution error but a reboot of the server fixed that. Thanks, -- Claus
From: Larry Struckmeyer[SBS-MVP] on 4 Aug 2010 21:56 Claus: there is some service in the stations that checks the server at the interval shown in the event logs. Hard for us to tell from here what it is, but you should be able to see a similiar event in the logs on the station. I would try running MSCONFIG on one of the stations, disabling all non MS services to see if the errors stop. If yes, use the 50 - 50 rule to see what service/program it is. My first gues would be an AV program that uses the administrator password to validate itself. Please note that this venue is due to be closed in a few days/weeks and you will get much more attention in the new SBS Forum hosted by MS at the following location. http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads You can either use your web browser, or if you prefer to use your existing (or different) nntp news reader you can use one of the official MS bridge applications, or the combined one on codeplex.com Official MS Bridge - Note two required. http://connect.microsoft.com/MicrosoftForums/ Codeplex nntp bridge - only one required. http://communitybridge.codeplex.com/ -Please post the resolution to your issue so others may benefit. -Get Your SBS Health Check at www.sbsbpa.com > Hi all, > > For security reasons we had to change the admin password on an SBS2003 > box. Since then we are getting thousands of 529 errors from the > workstations. They all look like this: > > Source security > > Category Logon/logiff > > Event ID 529 > > User NT Authority\System > > Logon Failure: > > Reason: Unknown user name or bad password > > User Name: administrator > > Domain: TTOWNSEND01 > > Logon Type: 3 > > Logon Process: NtLmSsp > > Authentication Package: NTLM > > Workstation Name: TTOWNSEND01 > > Caller User Name: - > > Caller Domain: - > > Caller Logon ID: - > > Caller Process ID: - > > Transited Services: - > > Source Network Address: - > > Source Port: - > > Any idea what could be the cause? At first we also got a policy > execution error but a reboot of the server fixed that. > > Thanks, >
From: Claus on 5 Aug 2010 00:44 Thanks Larry, I thought there might be a known issue with changing the admin password on an SBS 2003 box. I checked the stations and there are 1030 userinv event in the stations event logs that reference policy objects. I will run some tests and report back. -- Claus "Larry Struckmeyer[SBS-MVP]" <lstruckmeyer(a)mis-wizards.com> wrote in message news:4e6835151e5a08cd0236fffbd085(a)news.microsoft.com... > Claus: > > there is some service in the stations that checks the server at the > interval shown in the event logs. Hard for us to tell from here what it > is, but you should be able to see a similiar event in the logs on the > station. > > I would try running MSCONFIG on one of the stations, disabling all non MS > services to see if the errors stop. If yes, use the 50 - 50 rule to see > what service/program it is. My first gues would be an AV program that > uses the administrator password to validate itself. > > Please note that this venue is due to be closed in a few days/weeks and > you will get much more attention in the new SBS Forum hosted by MS at the > following location. > > http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads > > You can either use your web browser, or if you prefer to use your existing > (or different) nntp news reader you can use one of the official MS bridge > applications, or the combined one on codeplex.com > > Official MS Bridge - Note two required. > http://connect.microsoft.com/MicrosoftForums/ > > Codeplex nntp bridge - only one required. > http://communitybridge.codeplex.com/ > > -Please post the resolution to your issue so others may benefit. > > -Get Your SBS Health Check at www.sbsbpa.com > > >> Hi all, >> >> For security reasons we had to change the admin password on an SBS2003 >> box. Since then we are getting thousands of 529 errors from the >> workstations. They all look like this: >> >> Source security >> >> Category Logon/logiff >> >> Event ID 529 >> >> User NT Authority\System >> >> Logon Failure: >> >> Reason: Unknown user name or bad password >> >> User Name: administrator >> >> Domain: TTOWNSEND01 >> >> Logon Type: 3 >> >> Logon Process: NtLmSsp >> >> Authentication Package: NTLM >> >> Workstation Name: TTOWNSEND01 >> >> Caller User Name: - >> >> Caller Domain: - >> >> Caller Logon ID: - >> >> Caller Process ID: - >> >> Transited Services: - >> >> Source Network Address: - >> >> Source Port: - >> >> Any idea what could be the cause? At first we also got a policy >> execution error but a reboot of the server fixed that. >> >> Thanks, >> > >
|
Pages: 1 Prev: SQL password Next: Availables : More that 3500 Solutions manuals and Test Banks (Part 3) |