04-30-2010 01:27 PM
Hi,
I'm having issues and worried as this unknown system that continuesly tries to connect to my W2K3 servers. Recently one of my admin account was locked out on 2 of my servers and stopped important services and these servers are having these logs continuesly. could this happened because of these logs ?
this is one of the Windows Server 2003 security log files:
event ID: 529
type: failure audit
source: NT AUTHORITY/SYSTEM
catagory: logon/logoff
Reason: Unknown user name or bad password
User Name:
Domain: WORKGROUP
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: lQPxf2ISQgEV1bGK
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address:
Source Port: 0
Strange thing is it keeps changing IP addresses but they are all my companies ip address
Have any one have seen this before ..please help Thanks
04-30-2010 02:24 PM