Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

here are thousands of events 529 on the SBS

Active Directory, Domain, DNS, WINS, DHCP, SBS, New Releases.

here are thousands of events 529 on the SBS

Postby guest » Sat May 24, 2008 9:46 pm

the issue that there are thousands of events 529 on the SBS server.

Analysis:
===========
Generally speaking, the event indicates there is a failure logon attempt.
This could be caused by many factors, some services with the expired user
credential or some people tried to logon into the current domain with the
bad credential, or there someone tried to guess the user credential and
logon the current domain (many a attack from outside the domain).

Based on my experience, the error event should like below:
---------------------------------------
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 26/3/2008
Time: XXXXXXX
User: NT AUTHORITY\SYSTEM
Computer: computer name
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: user name
Domain: domain name
Logon Type:
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: computer name
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: IP address
Source Port: 0
----------------------------------------

So may I know if we could know the computer name and the IP address from
the event on this computer. If so, we could see if there is something wrong
on the source computer and try some steps to isolate the issue. Please try
the following on the computer in the event 529:

Clear the cached user credential and do a clean boot on these computers and
see if the issue will happen again.

Clear the cached user credential, to do so, follow the steps below:

1 Click start>run>control keymgr.dll
2 Clear the cached credential on these computers
3 Log off and then logon again, see if the issue still exists

On a problematic server perform a clean boot and check if the issue still
exists

1. Click Start->Run...->type msconfig and press Enter
2. Click Services tab and select Hide All Microsoft Services and Disable
All third party Services.
3. Click Startup tab and Disable All startup items
4. Click OK and choose Restart
5. After reboot, check whether the problem still occurs
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 10191
Joined: Mon Nov 27, 2006 1:10 pm

Return to Windows

Your Ad Here

Who is online

Users browsing this forum: Yahoo [Bot] and 4 guests