Logon attempt using explicit credentials
Hi,
I've noticed that ELA is trying to login to monitored servers using credentials of the account the ELA service is running under causing the following event to be logged on ELA server:
---------------------------------
ID:552 type: security
Logon attempt using explicit credentials:
Logged on user:
User Name: user_a
Domain: KHSLS-A01
Logon ID: (0x0,0x4A6A199)
Logon GUID: -
User whose credentials were used:
Target User Name: user_b
Target Domain:
Target Logon GUID: {b9ae7a9a-d017-d472-589c-01a99b976b52}
Target Server Name:
Target Server Info:
Caller Process ID: 424
Source Network Address: -
Source Port: -
----------------------------------------
and the following event on the monitored servers:
ID: 529 source: security
Logon Failure:
Reason: Unknown user name or bad password
User Name: user_a
Domain: KHSLS-A01
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ELA-server
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address:
Source Port: 2164
Where user_a is an account ELA service is running under and user_b is an account that should be used and was specified when server were added.
ELA is getting logs. Everything is working but this should not be happening this also causes an overhead.
Thanks
I've noticed that ELA is trying to login to monitored servers using credentials of the account the ELA service is running under causing the following event to be logged on ELA server:
---------------------------------
ID:552 type: security
Logon attempt using explicit credentials:
Logged on user:
User Name: user_a
Domain: KHSLS-A01
Logon ID: (0x0,0x4A6A199)
Logon GUID: -
User whose credentials were used:
Target User Name: user_b
Target Domain:
Target Logon GUID: {b9ae7a9a-d017-d472-589c-01a99b976b52}
Target Server Name:
Target Server Info:
Caller Process ID: 424
Source Network Address: -
Source Port: -
----------------------------------------
and the following event on the monitored servers:
ID: 529 source: security
Logon Failure:
Reason: Unknown user name or bad password
User Name: user_a
Domain: KHSLS-A01
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ELA-server
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address:
Source Port: 2164
Where user_a is an account ELA service is running under and user_b is an account that should be used and was specified when server were added.
ELA is getting logs. Everything is working but this should not be happening this also causes an overhead.
Thanks
Topic Participants
Kons_me
New to M365 Manager Plus?
New to M365 Manager Plus?
New to RecoveryManager Plus?
New to RecoveryManager Plus?
New to Exchange Reporter Plus?
New to Exchange Reporter Plus?
New to SharePoint Manager Plus?
New to SharePoint Manager Plus?
New to ADManager Plus?