Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Event id 534

Status
Not open for further replies.
Sen7inel

Sen7inel

IS-IT--Management
Feb 14, 2001
90
FI
Hi,

any ideas how to trace whatever it is that SPAMS my security log with event id 534 hundreds of times daily?

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 534
Date: 31.1.2002
Time: 16:01:59
User: NT AUTHORITY\SYSTEM
Computer: <the server's name>
Description:
Logon Failure:
Reason: The user has not been granted the requested
logon type at this machine
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: -

SYSTEM doesn't have access to something it should have?
 
Sort by date Sort by votes
this is the returned data from;
Event ID: 534
Source Security
Type Failure Audit
Description Logon Failure: Reason: The user has not been granted the requested logon type at this machine User Name: juser Domain:CORPDOM Logon Type: 2 Logon Process: IIS Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: DOMPDC01
Comments A logon failure due to the fact that the user has not been granted the requested logon type at this machine.
More info Q174073, Q174074

I can only assume from this that something is trying to hit your IIS server from the internet :-(

although I've never tried something like zonealarm or similar on a 2k server, maybe this will help......

best of luck, keep us updated !

Jon.
Jon. :)
----------------------------------------
To be is to do (Sartre)
To do is to be (Casmus)
Do be do be do (Sinatra)
----------------------------------------
 
Upvote 0 Downvote
Well, as logon type 3 is from the network, I tried simply adding SYSTEM to &quot;access this computer from the network&quot; policy. The event spamming ceased, but now I'm a bit confused here, what is this peculiar NT AUTHORITY/SYSTEM _from_ the network? Or am I missing something about the way w2k networks work?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

andyferris
  • Locked
  • Question
DC Event logs auditing cannot be set by GPO
Replies
1
Views
108
RRankin355
RRankin355
blpcrs
  • Locked
  • Question
Disk Space warning in real time in Event Viewer?
Replies
0
Views
160
blpcrs
blpcrs
Fireksf
  • Locked
  • Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
108
MarkSweetland
MarkSweetland
amanua
  • Locked
  • Question
Event ID 4776 Security Log
Replies
0
Views
92
amanua
amanua
amanua
  • Locked
  • Question
Event ID 13508 Sysvol replication problems
Replies
0
Views
81
amanua
amanua

Part and Inventory Search

Sponsor

Back
Top