The following is an alert triggered based on Security Event ID 529 from the eventlog analyzer on my Domain Controller. My question is: why is my domain controller triggering such a log even if the domain name is different? In this case the event log is reflecting "TEOCH1" as the computer domain name, while my domain is "XXX".
Host : Domain_Controller_XXXXX
Application : Security
Time Generated : Thu Oct 04 11:10:53 2007
Criticality : Medium
Number of Occurances : 5
Message : Logon Failure:
Reason: Unknown user name or bad password
User Name: teo
Domain: TEOCH1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: TEOCH1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.81.160.236
Source Port: 1081
This satisfies HIPAA requirement 164.308(a)(5) and SOX Sec 302 (a)(4)(C & D) for Falied logon Attempts
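An added example, not part of the original post or of the eventlog analyzer: a small parser for the alert text above that tags the case the question describes, where the Domain field differs from the domain controller's own domain. It relies on the fact that in an NTLM network logon the client supplies the domain string, so a Domain equal to the Workstation Name means the user name was qualified with the client machine's own name. The function names and tag strings are hypothetical, and "XXX" is the redacted domain from the post.

```python
import re

# Field labels exactly as they appear in the alert text on this page.
FIELDS = ["User Name", "Domain", "Logon Type", "Authentication Package",
          "Workstation Name", "Source Network Address"]

# Alert body copied from the post above (caller fields shortened).
SAMPLE_ALERT = """Logon Failure:
Reason: Unknown user name or bad password
User Name: teo
Domain: TEOCH1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: TEOCH1
Caller User Name: -
Caller Domain: -
Source Network Address: 10.81.160.236
Source Port: 1081"""


def parse_alert(text):
    """Return {label: value} for each label in FIELDS; '-' or missing -> None."""
    out = {}
    for label in FIELDS:
        # Anchor at line start so "Domain" cannot match "Caller Domain".
        m = re.search(rf"^[ \t]*{re.escape(label)}[ \t]*:[ \t]*(.*?)[ \t]*$",
                      text, re.MULTILINE)
        value = m.group(1) if m else None
        out[label] = None if value in (None, "", "-") else value
    return out


def triage(fields, dc_domain):
    """Tag how the client-supplied domain relates to the DC's own domain."""
    domain = (fields["Domain"] or "").upper()
    workstation = (fields["Workstation Name"] or "").upper()
    tags = []
    if fields["Logon Type"] == "3" and fields["Authentication Package"] == "NTLM":
        tags.append("ntlm-network-logon")
    if domain and domain != dc_domain.upper():
        tags.append("domain-not-ours")
        if domain == workstation:
            tags.append("domain-equals-workstation")
    return tags


if __name__ == "__main__":
    parsed = parse_alert(SAMPLE_ALERT)
    print(parsed["Source Network Address"], triage(parsed, "XXX"))
```

The Source Network Address in the parsed result is the host to look at when following up on the failed attempts.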