Forum

Ultimate Windows Security Forum » Security Log » 529 - Logon Failure - Unknown user name or... » source network address

source network address Expand / Collapse
Rate Topic
Display Mode
Topic Options
Author
Message
southside_steve
Posted 11/10/2009 11:26:12 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/16/2009 2:48:12 PM
Posts: 3, Visits: 5
Is there any way to get XP Pro to log the source network address in event 529 - or in another event? I am logging event 529 but there is no source IP address shown.
Post #262
RandyFranklinSmith
Posted 11/11/2009 12:22:10 PM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324, Visits: 0
It is probably because of the authentication protocol in use.  Can you post a sample of the event - obfuscate anything sensitive.
Post #263
southside_steve
Posted 11/13/2009 1:12:50 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/16/2009 2:48:12 PM
Posts: 3, Visits: 5
thanks for the reply - here is one of the events:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date:  11/7/2009
Time:  8:48:46 AM
User:  NT AUTHORITY\SYSTEM
Computer: LIPPY
Description:
Logon Failure:
  Reason:  Unknown user name or bad password
  User Name: user
  Domain:  LIPPY
  Logon Type: 10
  Logon Process: User32 
 

Post #264
southside_steve
Posted 11/13/2009 1:19:21 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 11/16/2009 2:48:12 PM
Posts: 3, Visits: 5
Let me try that again - I left off the authentication line

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date:  11/7/2009
Time:  8:48:46 AM
User:  NT AUTHORITY\SYSTEM
Computer: LIPPY
Description:
Logon Failure:
  Reason:  Unknown user name or bad password
  User Name: user
  Domain:  LIPPY
  Logon Type: 10
  Logon Process: User32 
  Authentication Package: Negotiate
  Workstation Name: LAPPY

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Post #265
RandyFranklinSmith
Posted 11/16/2009 11:25:38 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324, Visits: 0
I guess there's a difference here between what gets logged for this event between XP and 2003.  2003 logs this.   I thought XP logged this same information but from your post - apparently not. 
Post #266
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 11:17am