NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

Printable View

06-10-2005
Drewski

NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

We have installed Windows server 2003 in our office which is used by some users to run some particular software and all. There is also a MSSQL database running on another Windows server 2003. At every 10 minutes or so we can see the below NT AUTHORITY\ANONYMOUS LOGON event in the event log of the SQL server.

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 15/6/2005
Time: 8:42:00 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x759A8F2)
Logon Type: 3

And another one:

Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 15/6/2005
Time: 8:42:00 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x759A8F2)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: AMEDTSMAHC001
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 143.83.63.197
Source Port: 0

Can anyone tell us how to solve this problem?
07-10-2005
Janos™

I think that you will need to disable the policy setting by using Group Policy Object Editor and see if that works. Verify that the policy setting was enabled by using Group Policy, and then disable the policy setting by using Group Policy Object Editor. To do this you can go to the microsoft kb article for a detailed explanation, link is here - http://support.microsoft.com/kb/921468
07-10-2005
HELLIAN

Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

Incase if you think that is the origin then you can also try to tweak the reg key controlling even if the machine is allowed to be a master or backup master browser so in the end it wont be able to participate.
07-10-2005
2muchreality

Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes

I think that turning off the computer browser service will also do the same thing. I was using some registry mods before when I was using the Windows 2000. I also dont know for sure whether there will be any further consequences by disabling the pc browser service but I have seen that as of now that service names can be sometimes misleading with the major candidate that could be tcp/ip netbios helper service that would lead on to believe that you can disable it incase if you are not using the netbios over tcp/ip. Though it is related to be a core service and can speed up things positively if it is disabled.