|
|
|
Forum Newbie
Group: Forum Members
Last Login: 6/24/2009 3:16:18 PM
Posts: 2,
Visits: 4
|
|
Hello,
We have been experiencing an issue for sometime and it always comes back to this. We are using RSA enVision to track our logs and when I run a report against event ID 644 to see if we have failures for the day we always see a few hundred (in the morning) for administrator, by end of day its in the thousands.
However here is what the errors look like.
User Administrator
Device address: 172.x.x.x
Workstation: generally seems to be the same workstations lets call it MON0100
logon type = 0
Reason= blank
calling_address = blank
calling_username = DOM0100$ (DOM0100 is our primary domain controller)
so the strange thing i am seeing is that we get these messages several hundred to thousand times a day and the calling username changes to various domain controllers throughout the day. When the error is reported from a workstation on a diffrent forest it will be calling address from that domain controller.
Does anyone have any idea why this is happening?
Thank you soooooo much in advance for any help at all!
-Dan
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 324,
Visits: 0
|
|
| waiting on reply to private message
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 6/24/2009 3:16:18 PM
Posts: 2,
Visits: 4
|
|
Hello and thanks again for responding, I sent a response to you directly by e-mail on Fri 6/12/09 1:39 PM, the e-mail contains a little more information than i'd like to post here but if we manage to figure this out i'd like to clean it up a little and post it so other people can find a solution to this.
Thanks again for all your help and i'm looking forward to the webinar on Wednesday!
|
|
|
|