General discussion


529, AUDIT FAILURE, Security

By jmlaurentius1 ·
I am getting the following security message on some of the Windows 2000 servers.

529, AUDIT FAILURE, Security, {Date}, NT AUTHORITY\SYSTEM, Logon Failure: Reason: Unknown user name or bad password User Name: {User ID} Domain: {Wks Name} Logon Type: 3 Logon Process: NtLmSsp

There is a Domain that 95% of the users logon. The other 5% logon to the local workstation. The domain is on an NT 4 servers. The Domain does not show the 529 Audit Failure. There are 8 applications servers that the 95% use. These server are the ones getting the 529 Audit Failure. From what I have been able to figure out is the 5% that logs onto their local workstations are the users listed in the security logs. These workstation will cause the error when the user miss types their screen saver password. If the 5% does not type in their password correctly when loging on in the morning their system will not cause this error.

One last piece of information. The Domain was recreated 3 months ago.

* I have deleted the workstaion and readded them to the domain and this does not work.

* Created new local profiles and this did not work.

* Removed any occurrence of the application server in the Registry did keep the workstation from showing in the logs but we could browse to the domain and the entries came back.

I could rebuild the OS on the workstation but it would not explain how the workstation is trying to authenticate to application servers that the workstation is not using.

Information on authentication to server would be very helpful. If the workstation?s OS is reloaded then the workstation will not show in the logs. When I add the workstation into the domain, we start getting the 529 errors for that workstation.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Related Discussions

Related Forums