Hello to the gang,
Here's an easy one for you...I have been receiving a lot of Critical Errors regarding failed logons in my daily report the last few days, looking like this:
I would like to know where this is originating. In my Usage Report, this is the sixth-highest device. It does not have a username, so it must be either one of two WAPs (encrypted, WEP 13-digit) the gigabit switch, or a small network hub. It is not the IP address assigned to either network printer. Most likely it is one of the WAPs.
Research into the Event ID is failed logon (duh) or a possible time conflict, inquiring minds want to know exactly which device is causing the error.
Is there a way within SBS to determine which IP address goes to which device? I know I could unplug each device and then pull a usage report, but I don't want to waste time nor take down any part of the network. I also know this is not a source for worry, but if one of my WAPs is getting pinged I would like to know who's doing it.
Thanks as always.
Tony
Here's an easy one for you...I have been receiving a lot of Critical Errors regarding failed logons in my daily report the last few days, looking like this:
Code:
Source:Security Event ID:537 Last Occurrence:5/31/2007 11:34 AM Total Occurrences:11 *
Logon Failure:
Reason: An error occurred during logon
User Name:
Domain:
Logon Type: 3
Logon Process: Kerberos
Authentication Package: Kerberos
Workstation Name: -
Status code: 0xC000006D
Substatus code: 0xC0000133
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.16.19
Source Port: 1528
I would like to know where this is originating. In my Usage Report, this is the sixth-highest device. It does not have a username, so it must be either one of two WAPs (encrypted, WEP 13-digit) the gigabit switch, or a small network hub. It is not the IP address assigned to either network printer. Most likely it is one of the WAPs.
Research into the Event ID is failed logon (duh) or a possible time conflict, inquiring minds want to know exactly which device is causing the error.
Is there a way within SBS to determine which IP address goes to which device? I know I could unplug each device and then pull a usage report, but I don't want to waste time nor take down any part of the network. I also know this is not a source for worry, but if one of my WAPs is getting pinged I would like to know who's doing it.
Thanks as always.
Tony