Results 1 to 3 of 3

Thread: not seeing invalid login attempts in event log

  1. 27-02-2009 #1
    OmJaa
    OmJaa is offline Member
    Join Date
    Oct 2005
    Posts
    24

    not seeing invalid login attempts in event log

    On my domain I have enabled Logon Event logging. I did it from ActiveDirectory > domain controller server > in admin tools > domain security policy > local policies > audit policy : audit account logon events: success > failure > Audit logon events > success, failure. But still when I go to client PC and try login in with WRONG password, I don’t find anything logged regarding this in my Event Log.

    Does anyone know what could be the reason why my system is not logging the wrong Password log in Event Viewer?

    For your reference this is the only messages i can see in my Event Viewer:

    Event Type: Success Audit
    Event Source: Security
    Event Category: Account Management
    Event ID: 646
    Date: 2/26/2009
    Time: 10:58:59 AM
    User: NT AUTHORITY\ANONYMOUS LOGON
    Computer: TOTOWADC01
    Description:
    Computer Account Changed:
    -
    Target Account Name: VMVMC01$
    Target Domain: xxxLARCLUB
    Target Account ID: xxxRCLUB\VMVMC01$
    Caller User Name: TOTOWADC01$
    Caller Domain: xxxLARCLUB
    Caller Logon ID: (0x0,0x3E7)
    Privileges: -
    Changed Attributes:
    Sam Account Name: -
    Display Name: -
    User Principal Name: -
    Home Directory: -
    Home Drive: -
    Script Path: -
    Profile Path: -
    User Workstations: -
    Password Last Set: 2/26/2009 10:58:59 AM
    Account Expires: -
    Primary Group ID: -
    AllowedToDelegateTo: -
    Old UAC Value: -
    New UAC Value: -
    User Account Control: -
    User Parameters: -
    Sid History: -
    Logon Hours: -
    DNS Host Name: -
    Service Principal Names: -
    Reply With Quote Reply With Quote
  2. 27-02-2009 #2
    Lucile
    Lucile is offline Member
    Join Date
    Sep 2004
    Posts
    128

    Re: not seeing invalid login attempts in event log

    Are you sure there is no other DCs in your domain? If there are multiple DCs then the log might even go in the other DCs Event Viewer. Only the DC handling the auth requests will write into the event log. Apart from this can you tell me whether the network was up and running on the client when you tried the wrong attempt? I’m asking this because Windows XP has a "fast boot" feature where it actually shows the logon screen although the network subsystem isn't up and running.
    Reply With Quote Reply With Quote
  3. 27-02-2009 #3
    Hawkin's
    Hawkin's is offline Member
    Join Date
    Sep 2004
    Posts
    128

    Re: not seeing invalid login attempts in event log

    Where are you checking the Event Log? I mean, if you are attempting to logon to the domain, the failure will be within the log on the dc on which you are attempting to logon to not the local machine.
    Reply With Quote Reply With Quote
« Force prefernce in logon server | Group Policy Screensaver in W2003 Servers »

Similar Threads

  1. FTP: limit login attempts in windows server 2003.
    By Unequaled in forum Windows Server Help
    Replies: 5
    Last Post: 11-01-2011, 07:27 PM
  2. Win 7 Invalid File / Share Login problem
    By Raj-Nepali in forum Operating Systems
    Replies: 6
    Last Post: 27-09-2010, 11:43 PM
  3. Logging failed login attempts
    By absolute55 in forum Windows Security
    Replies: 6
    Last Post: 17-08-2010, 09:42 PM
  4. How to block access to proftpd after three login attempts failed
    By Conner in forum Technology & Internet
    Replies: 3
    Last Post: 18-05-2009, 11:13 PM
  5. Event ID 20 KDC certificate was once valid, but now is invalid
    By shivinder in forum Active Directory
    Replies: 1
    Last Post: 17-06-2005, 06:32 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules

Page generated in 1,713,567,731.49865 seconds with 17 queries