Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations IamaSherpa on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Strange errors have started..

Status
Not open for further replies.
jmaddox112974

jmaddox112974

Vendor
Mar 21, 2007
8
US
OK...I've got a couple of strange errors that seem to be persistent on my W2K3 DC. I'll get a batch of these:

Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 11/12/2007
Time: 6:32:36 AM
User: N/A
Computer: FASERVER1
Description:
The server was unable to logon the Windows NT account 'Administrator' due to the following error: Logon failure: unknown user name or bad password. The data is the error code.

For more information, see Help and Support Center at Data:
0000: 2e 05 00 00 ....


Then....I'll get a batch of these...

Event Type: Error
Event Source: NetBT
Event Category: None
Event ID: 4319
Date: 11/12/2007
Time: 10:36:29 PM
User: N/A
Computer: FASERVER1
Description:
A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.

For more information, see Help and Support Center at Data:
0000: 00 00 00 00 01 00 58 00 ......X.
0008: 00 00 00 00 df 10 00 c0 ....ß..À
0010: 05 01 00 00 49 01 00 0a ....I...
0018: 98 08 00 00 00 00 00 00 ?.......
0020: 00 00 00 00 00 00 00 00 ........


This has been going on...and is now causing problems with our phones....that will not pull DHCP addresses...It's all very strange...They are constant, but they seem to run in large batches (400-500 each error)...

The first one concerns me, because it looks like a dictionary attack.

The second one has me baffled...mainly because I can't figure out the IP address...

Any thought would be GREATLY appreciated.
 
Sort by date Sort by votes
Is it possible that the service is set to run under the administrator account and the password has been changed?

Fot the second error do you have the IP of the machine that sent the duplicate name message? If so you could get the mac address and trace it back to card manufacturer this can help you narrow your search.
 
Upvote 0 Downvote
In the mean time i'd make sure your administrator password is strong in case it is a brute force attack.
 
Upvote 0 Downvote
I don't have the IP address...it says it's in the data...but I can't make heads or tails of the 'data':

0000: 00 00 00 00 01 00 58 00 ......X.
0008: 00 00 00 00 df 10 00 c0 ....ß..À
0010: 05 01 00 00 49 01 00 0a ....I...
0018: 98 08 00 00 00 00 00 00 ?.......
0020: 00 00 00 00 00 00 00 00 ........

We do have a pretty strong admin password- in fact, all of our user passwords are very strong.

 
Upvote 0 Downvote
Also the second error can be caused by duplicate listings in WINS if you use it.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Fireksf
  • Locked
  • Question
Avaya IPOCC not generate Report, Please any body if you a have any idea help me.
Replies
1
Views
160
MarkSweetland
MarkSweetland
telecotek1
  • Locked
  • Question
strange DNS issue
Replies
1
Views
229
telecotek1
telecotek1
cybtech
  • Locked
  • Question
Strange issue with Robocopy
Replies
3
Views
147
SamBones
SamBones
techbrain1
  • Locked
  • Question
dhcp server errors
Replies
1
Views
119
jknichols
jknichols
DTGMI
  • Locked
  • Question
Strange 2008 R2 AD login lockouts!
Replies
1
Views
87
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top