Directory Service Access

Guest
Archived from groups: microsoft.public.win2000.active_directory

I added a Windows 2003 server running Exchange 2003 (member server) to my
Windows 2000 domain. When a user logs on with a wrong password or username,
the local workstation records a logon failure (Event ID 529) to the local
security event log; however, the Domain server security event log shows no
login failure (Event ID 529), but instead logs an event ID 565.

Here is a copy of the event on the Domain Security log:

Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 8/8/2005
Time: 10:08:10 AM
User: TASBCLS\XCH-CLS$
Computer: TASBCLS-01
Description:
Object Open:
Object Server: DS
Object Type: configuration
Object Name: CN=Configuration,DC=TASBCLS,DC=com
New Handle ID: -
Operation ID: {0,62436668}
Process ID: 284
Primary User Name: TASBCLS-01$
Primary Domain: TASBCLS
Primary Logon ID: (0x0,0x3E7)
Client User Name: XCH-CLS$
Client Domain: TASBCLS
Client Logon ID: (0x0,0x3CA88)
Accesses Control Access

Privileges -

Properties:
DELETE
WRITE_OWNER
Delete Child
List Contents
Write Property
Delete Tree
Manage Replication Topology

----------------------------------------------------------------------------------------

Why is this happening?

Thanks,

John
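
Added example, not part of the original posts: a small Python parser for an event pasted as text like the one above. It reduces the event to who requested which access on which directory object, so a 565 Failure Audit (Object Open) is not mistaken for a 529 logon failure. The function names and the abridged sample are constructed for illustration, and the input is assumed to be the event text only.

```python
# Constructed sample: the event from the post, cut to the fields used below.
SAMPLE_EVENT = """\
Event Type: Failure Audit
Event Category: Directory Service Access
Event ID: 565
Object Open:
Object Name: CN=Configuration,DC=TASBCLS,DC=com
Client User Name: XCH-CLS$
Client Domain: TASBCLS
Accesses Control Access

Privileges -

Properties:
DELETE
WRITE_OWNER
Manage Replication Topology
"""

def parse_event(text):
    """Split a pasted event into 'Name: value' fields plus the Properties list."""
    fields, props, in_props = {}, [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line == "Properties:":
            in_props = True
        elif in_props:
            props.append(line)
        elif line.startswith("Accesses"):
            # The paste has no separator after "Accesses"; accept "Accesses: x" too.
            fields["Accesses"] = line[len("Accesses"):].lstrip(": \t")
        elif ":" in line:
            name, _, value = line.partition(":")
            fields[name.strip()] = value.strip()
    fields["Properties"] = props
    return fields

def summarize(ev):
    """Who asked for what on which object, and whether it was refused."""
    client = ev.get("Client User Name", "")
    return {
        "event_id": int(ev["Event ID"]),
        "failure": ev.get("Event Type") == "Failure Audit",
        "client": ev.get("Client Domain", "") + "\\" + client,
        "machine_account": client.endswith("$"),  # trailing $ = computer account
        "object": ev.get("Object Name"),
        "accesses": ev.get("Accesses"), "properties": ev["Properties"],
    }

if __name__ == "__main__":
    print(summarize(parse_event(SAMPLE_EVENT)))
```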
 
Guest

I don't have a specific answer for you, but check this out; it may help you
troubleshoot the problem.

http://www.eventid.net/display.asp?eventid=565&eventno=868&source=Security&phase=1

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Guest

Don’t forget:
http://www.eventid.net/display.asp?eventid=529&eventno=1&source=Security&phase=1
