-1

I am receiving lots of Failure Audit logs on my DC. Can you guide me on how I should identify the culprit?

Please see the print-screen below for more detail. The logon type is 3, which means it is a network logon. I have identified the workstation from the log, but how should I prove who or which process is sending broadcast with logon authentication to my DC? The anti-virus is also updated.

Note: The workstation is in a workgroup.

Param

2 Answers

1

Use TCPView (http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx) on the workstation; it will tell you the process that is talking to the DC.

1

As you said your antivirus is updated, just perform a virus scan on all workstations or turn on IIS logging.

Refer to the following link for the error event: event ID 4625

The thread can also be monitored by a third-party tool.

MDMarra
robert
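An added example, not part of either answer: PowerShell for the DC that groups event ID 4625 records by source workstation, IP address, account and logon type, so the noisiest source stands out. The sample event XML is constructed so the block runs offline; the host name, account and addresses in it are made up, and `ConvertFrom-FailedLogonXml` is a hypothetical helper name.

```powershell
# Added example: summarise 4625 (failed logon) events by where they come from.
# ConvertFrom-FailedLogonXml is a hypothetical helper, not a built-in cmdlet.
function ConvertFrom-FailedLogonXml {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$Xml)
    process {
        $doc  = [xml]$Xml
        $data = @{}
        # Each <Data Name="..."> element of EventData becomes one hashtable entry.
        foreach ($d in $doc.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            LogonType   = $data['LogonType']
            Workstation = $data['WorkstationName']
            SourceIp    = $data['IpAddress']    # may be "-" when not recorded
            SourcePort  = $data['IpPort']       # may be "-" or 0 when not recorded
            AuthPackage = $data['AuthenticationPackageName']
            SubStatus   = $data['SubStatus']    # failure reason code
        }
    }
}

# Constructed sample event (trimmed to the fields used above).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4625</EventID></System>
  <EventData>
    <Data Name="TargetUserName">svc_backup</Data>
    <Data Name="TargetDomainName">WKS-EXAMPLE</Data>
    <Data Name="SubStatus">0xc000006a</Data>
    <Data Name="LogonType">3</Data>
    <Data Name="AuthenticationPackageName">NTLM</Data>
    <Data Name="WorkstationName">WKS-EXAMPLE</Data>
    <Data Name="IpAddress">192.0.2.25</Data>
    <Data Name="IpPort">49712</Data>
  </EventData>
</Event>
'@

# On the DC, replace the sample with live events:
#   $xml = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } -MaxEvents 500 |
#          ForEach-Object { $_.ToXml() }
$xml = @($sample, $sample)

$xml | ConvertFrom-FailedLogonXml |
    Group-Object Workstation, SourceIp, Account, LogonType |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

When the event records a source port, that port can be compared with the local port column TCPView shows on the workstation while the connection is still open.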