getting knocked off the 2003 active directory

Archived from groups: microsoft.public.win2000.active_directory (More info?)

we are on a active directory(2003). I am on a XP pro pc here.
I am getting locked out of the network while using this pc.

I see some of this in the event viewer:

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\UTLite.exe
Process identifier: 2172

I have the IE firewall shutoff.


Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 600
User account: SYSTEM
User domain: NT AUTHORITY


Event Type: Warning

Event Source: LSASRV

Event Category: SPNEGO (Negotiator)

Event ID: 40960

Date: 08/04/2005

Time: 12:51:01 PM


Description:

The Security System detected an attempted downgrade attack for server
exchangeAB\etcetc. The failure code from authentication protocol
Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.

Description:

The Security System could not establish a secured connection with the
server exchangeAB\etcetc. No authentication protocol was available


I use a utility called CCleaner 2x a day or so. I have this set to
clean windows temp files as well. Is this an issue?

Or do I have an intrider?

thanks
1 answer Last reply
More about getting knocked 2003 active directory
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    JWA6,

    Have you looked at this link:

    http://www.eventid.net/display.asp?eventid=861&eventno=4615&source=Security&phase=1

    Does it help you any?

    How about this link:

    http://www.eventid.net/display.asp?eventid=40960&eventno=787&source=LsaSrv&phase=1

    --
    Cary W. Shultz
    Roanoke, VA 24012
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com


    "jwa6" <jwagans@yahoo.com> wrote in message
    news:1123191876.781731.269710@f14g2000cwb.googlegroups.com...
    > we are on a active directory(2003). I am on a XP pro pc here.
    > I am getting locked out of the network while using this pc.
    >
    > I see some of this in the event viewer:
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Detailed Tracking
    > Event ID: 861
    > Description:
    > The Windows Firewall has detected an application listening for incoming
    > traffic.
    >
    > Name: -
    > Path: C:\WINDOWS\UTLite.exe
    > Process identifier: 2172
    >
    > I have the IE firewall shutoff.
    >
    >
    >
    > Event Type: Failure Audit
    > Event Source: Security
    > Event Category: Detailed Tracking
    > Event ID: 861
    >
    > The Windows Firewall has detected an application listening for incoming
    > traffic.
    >
    > Name: -
    > Path: C:\WINDOWS\system32\lsass.exe
    > Process identifier: 600
    > User account: SYSTEM
    > User domain: NT AUTHORITY
    >
    >
    >
    > Event Type: Warning
    >
    > Event Source: LSASRV
    >
    > Event Category: SPNEGO (Negotiator)
    >
    > Event ID: 40960
    >
    > Date: 08/04/2005
    >
    > Time: 12:51:01 PM
    >
    >
    > Description:
    >
    > The Security System detected an attempted downgrade attack for server
    > exchangeAB\etcetc. The failure code from authentication protocol
    > Kerberos was "The user account has been automatically locked because
    > too many invalid logon attempts or password change attempts have been
    > requested.
    >
    > Description:
    >
    > The Security System could not establish a secured connection with the
    > server exchangeAB\etcetc. No authentication protocol was available
    >
    >
    > I use a utility called CCleaner 2x a day or so. I have this set to
    > clean windows temp files as well. Is this an issue?
    >
    > Or do I have an intrider?
    >
    > thanks
    >
Ask a new question

Read More

Firewalls Active Directory Windows