Results 1 to 4 of 4

Thread: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

  1. #1
    Join Date
    Feb 2006
    Posts
    106

    NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

    We have installed Windows server 2003 in our office which is used by some users to run some particular software and all. There is also a MSSQL database running on another Windows server 2003. At every 10 minutes or so we can see the below NT AUTHORITY\ANONYMOUS LOGON event in the event log of the SQL server.

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 538
    Date: 15/6/2005
    Time: 8:42:00 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: AMEDMAHCMEPS03
    Description:
    User Logoff:
    User Name: ANONYMOUS LOGON
    Domain: NT AUTHORITY
    Logon ID: (0x0,0x759A8F2)
    Logon Type: 3


    And another one:

    Event Type: Success Audit
    Event Source: Security
    Event Category: Logon/Logoff
    Event ID: 540
    Date: 15/6/2005
    Time: 8:42:00 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: AMEDMAHCMEPS03
    Description:
    Successful Network Logon:
    User Name:
    Domain:
    Logon ID: (0x0,0x759A8F2)
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: NTLM
    Workstation Name: AMEDTSMAHC001
    Logon GUID: -
    Caller User Name: -
    Caller Domain: -
    Caller Logon ID: -
    Caller Process ID: -
    Transited Services: -
    Source Network Address: 143.83.63.197
    Source Port: 0

    Can anyone tell us how to solve this problem?

  2. #2
    Join Date
    Jan 2006
    Posts
    605
    I think that you will need to disable the policy setting by using Group Policy Object Editor and see if that works. Verify that the policy setting was enabled by using Group Policy, and then disable the policy setting by using Group Policy Object Editor. To do this you can go to the microsoft kb article for a detailed explanation, link is here - http://support.microsoft.com/kb/921468

  3. #3
    Join Date
    Feb 2006
    Posts
    335

    Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

    Incase if you think that is the origin then you can also try to tweak the reg key controlling even if the machine is allowed to be a master or backup master browser so in the end it wont be able to participate.

  4. #4
    Join Date
    Feb 2006
    Posts
    99

    Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

    I think that turning off the computer browser service will also do the same thing. I was using some registry mods before when I was using the Windows 2000. I also dont know for sure whether there will be any further consequences by disabling the pc browser service but I have seen that as of now that service names can be sometimes misleading with the major candidate that could be tcp/ip netbios helper service that would lead on to believe that you can disable it incase if you are not using the netbios over tcp/ip. Though it is related to be a core service and can speed up things positively if it is disabled.

Similar Threads

  1. Replies: 4
    Last Post: 07-04-2011, 10:16 AM
  2. Replies: 3
    Last Post: 10-01-2011, 07:24 AM
  3. Anonymous Logon attempts from unknown ip's
    By Dev-Datta in forum Windows Software
    Replies: 4
    Last Post: 13-08-2010, 01:28 AM
  4. What is 'NT AUTHORITY\ANONYMOUS LOGON' every 15 secs
    By kyosang in forum Windows Security
    Replies: 2
    Last Post: 16-04-2009, 05:40 AM
  5. Event ID: 10016 // DCOM //NT AUTHORITY\NETWORK SERVICE
    By sevaanan in forum Small Business Server
    Replies: 1
    Last Post: 14-05-2008, 12:49 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,711,785,824.37055 seconds with 16 queries