Sign in with
Sign up | Sign in
Your question

getting knocked off the 2003 active directory

Last response: in Windows 2000/NT
Share
Anonymous
August 4, 2005 6:44:36 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

we are on a active directory(2003). I am on a XP pro pc here.
I am getting locked out of the network while using this pc.

I see some of this in the event viewer:

Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861
Description:
The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\UTLite.exe
Process identifier: 2172

I have the IE firewall shutoff.



Event Type: Failure Audit
Event Source: Security
Event Category: Detailed Tracking
Event ID: 861

The Windows Firewall has detected an application listening for incoming
traffic.

Name: -
Path: C:\WINDOWS\system32\lsass.exe
Process identifier: 600
User account: SYSTEM
User domain: NT AUTHORITY



Event Type: Warning

Event Source: LSASRV

Event Category: SPNEGO (Negotiator)

Event ID: 40960

Date: 08/04/2005

Time: 12:51:01 PM


Description:

The Security System detected an attempted downgrade attack for server
exchangeAB\etcetc. The failure code from authentication protocol
Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.

Description:

The Security System could not establish a secured connection with the
server exchangeAB\etcetc. No authentication protocol was available


I use a utility called CCleaner 2x a day or so. I have this set to
clean windows temp files as well. Is this an issue?

Or do I have an intrider?

thanks
Anonymous
August 6, 2005 3:27:04 AM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

JWA6,

Have you looked at this link:

http://www.eventid.net/display.asp?eventid=861&eventno=...

Does it help you any?

How about this link:

http://www.eventid.net/display.asp?eventid=40960&eventn...

--
Cary W. Shultz
Roanoke, VA 24012
Microsoft Active Directory MVP

http://www.activedirectory-win2000.com
http://www.grouppolicy-win2000.com



"jwa6" <jwagans@yahoo.com> wrote in message
news:1123191876.781731.269710@f14g2000cwb.googlegroups.com...
> we are on a active directory(2003). I am on a XP pro pc here.
> I am getting locked out of the network while using this pc.
>
> I see some of this in the event viewer:
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Detailed Tracking
> Event ID: 861
> Description:
> The Windows Firewall has detected an application listening for incoming
> traffic.
>
> Name: -
> Path: C:\WINDOWS\UTLite.exe
> Process identifier: 2172
>
> I have the IE firewall shutoff.
>
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Detailed Tracking
> Event ID: 861
>
> The Windows Firewall has detected an application listening for incoming
> traffic.
>
> Name: -
> Path: C:\WINDOWS\system32\lsass.exe
> Process identifier: 600
> User account: SYSTEM
> User domain: NT AUTHORITY
>
>
>
> Event Type: Warning
>
> Event Source: LSASRV
>
> Event Category: SPNEGO (Negotiator)
>
> Event ID: 40960
>
> Date: 08/04/2005
>
> Time: 12:51:01 PM
>
>
> Description:
>
> The Security System detected an attempted downgrade attack for server
> exchangeAB\etcetc. The failure code from authentication protocol
> Kerberos was "The user account has been automatically locked because
> too many invalid logon attempts or password change attempts have been
> requested.
>
> Description:
>
> The Security System could not establish a secured connection with the
> server exchangeAB\etcetc. No authentication protocol was available
>
>
> I use a utility called CCleaner 2x a day or so. I have this set to
> clean windows temp files as well. Is this an issue?
>
> Or do I have an intrider?
>
> thanks
>
!