Archived from groups: microsoft.public.win2000.active_directory (More info?)
we are on a active directory(2003). I am on a XP pro pc here.
I am getting locked out of the network while using this pc.
I see some of this in the event viewer:
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\UTLite.exe
Process identifier: 2172
I have the IE firewall shutoff.
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 600
User account: SYSTEM
User domain: NT AUTHORITY
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 08/04/2005
Time: 12:51:01 PM
Description:
The Security System detected an attempted downgrade attack for server
exchangeAB\etcetc. The failure code from authentication protocol
Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.
Description:
The Security System could not establish a secured connection with the
server exchangeAB\etcetc. No authentication protocol was available
I use a utility called CCleaner 2x a day or so. I have this set to
clean windows temp files as well. Is this an issue?
Or do I have an intrider?
thanks
we are on a active directory(2003). I am on a XP pro pc here.
I am getting locked out of the network while using this pc.
I see some of this in the event viewer:
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Description:
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\UTLite.exe
Process identifier: 2172
I have the IE firewall shutoff.
Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
The Windows Firewall has detected an application listening for incoming
traffic.
Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 600
User account: SYSTEM
User domain: NT AUTHORITY
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 08/04/2005
Time: 12:51:01 PM
Description:
The Security System detected an attempted downgrade attack for server
exchangeAB\etcetc. The failure code from authentication protocol
Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.
Description:
The Security System could not establish a secured connection with the
server exchangeAB\etcetc. No authentication protocol was available
I use a utility called CCleaner 2x a day or so. I have this set to
clean windows temp files as well. Is this an issue?
Or do I have an intrider?
thanks
Facebook
Twitter
Instagram