|
|
|
Forum Newbie
Group: Forum Members
Last Login: 3/24/2012 3:34:39 PM
Posts: 5,
Visits: 1
|
|
Hi
In the last couple of days I stared to see more events 531 recorded on my DC when I look at the Users Name the event description comes blank and the caller user name is the DC$, what I found very interesting is that the caller process ID is associated with svchost.exe when I look at the services related to that svchost I am not see any of those services running with a disable account.
Also the logon type is 3 so it is a network logon by a shared drive or IIS.
What things I can check to find the source of the failed attempts
Regards,
|
|
|
|