Archived from groups: microsoft.public.win2000.security (More info?)
We have 2 domaincontrollers with Windows 2000 Server SP3.
Since I changed the administrator password, I get a lot of these events in
the Security Event Viewer (see below).
Is it possible that some processes or programs still try to use the old
password?
Is there a procedure to follow when changing the administrator password,
just to be sure that the new password is transfered to all processes on all
the DC's.
I also have some PC's which are used p.e. as printserver or antivirus
updateserver, that start with the administrator password or wiht a user with
administrator priviliges. Is there a way to submit the new administrator
password to processes that run on such PC's?
I must say, all the programs that run on our servers : Exchange, Arcserve
Backup, F-Secure Antivirus, Progress Database,... seem to work fine.
So why all these event messages?
Kind regards,
Bob Goetschalckx
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: out_domain\Administrator
Domain: NameOfDC
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: NameOfDC
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
The logon to account: out_domain\Administrator
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: NameOfDC
failed. The error code was: 3221225572
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 10/09/2004
Time: 15:12:25
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: krbtgt/our_domain
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 10:11:13
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: our_domain
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: NameOfDC
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 16/09/2004
Time: 5:01:03
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: ldap/NameOfDC.our_domain.be
Ticket Options: 0x40810010
Failure Code: 0x6
Client Address: 127.0.0.1
We have 2 domaincontrollers with Windows 2000 Server SP3.
Since I changed the administrator password, I get a lot of these events in
the Security Event Viewer (see below).
Is it possible that some processes or programs still try to use the old
password?
Is there a procedure to follow when changing the administrator password,
just to be sure that the new password is transfered to all processes on all
the DC's.
I also have some PC's which are used p.e. as printserver or antivirus
updateserver, that start with the administrator password or wiht a user with
administrator priviliges. Is there a way to submit the new administrator
password to processes that run on such PC's?
I must say, all the programs that run on our servers : Exchange, Arcserve
Backup, F-Secure Antivirus, Progress Database,... seem to work fine.
So why all these event messages?
Kind regards,
Bob Goetschalckx
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: out_domain\Administrator
Domain: NameOfDC
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: NameOfDC
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
The logon to account: out_domain\Administrator
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: NameOfDC
failed. The error code was: 3221225572
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 10/09/2004
Time: 15:12:25
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: krbtgt/our_domain
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1
Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 10:11:13
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: our_domain
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: NameOfDC
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 16/09/2004
Time: 5:01:03
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: ldap/NameOfDC.our_domain.be
Ticket Options: 0x40810010
Failure Code: 0x6
Client Address: 127.0.0.1
Facebook
Twitter
Instagram