I'd check your smtp logs - likely to be a normal mail host attempting
authentication when trying to transfer mail, fails..
Just a guess!
On 16/03/2010 21:50, in article
c418e960-108e-4294-9836-c039234eba08...oglegroups.com, "scubaal"
<> wrote:
> Running SBS 2003 SP2. Sitting behind a firewall with everything shut
> except the essentials (smtp, https, http, rdp). Very small network (5
> workstations) so I know what is on the LAN. In the last 24 hours I
> have seen LOTS of failed connections from a machine I dont have on a
> domain that is not mine. Events 529 + 680 (shown below).
> NOTE - this is NOT my domain name or one of my workstations. Also note
> that there is no IP number given. The system is rejecting a type 3
> logon (network)....but why wouldnt it show an IP? The authentication
> is NTLM - does this mean it has to be on the LAN........or could it be
> coming in through http/s, smtp, rdp? Nothing else is open.
>
> Any ideas how I can trace this?
>
> Security 529 3/17/2010 1:24 AM 276 *
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: HB-MAIL01$
> Domain: HBJSW
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: HB-MAIL01
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
> Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Logon account: HB-MAIL01$
> Source Workstation: HB-MAIL01
> Error Code: 0xC0000064
Similar Threads
Linear Mode
