NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes
We have installed Windows server 2003 in our office which is used by some users to run some particular software and all. There is also a MSSQL database running on another Windows server 2003. At every 10 minutes or so we can see the below NT AUTHORITY\ANONYMOUS LOGON event in the event log of the SQL server.
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 538
Date: 15/6/2005
Time: 8:42:00 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
User Logoff:
User Name: ANONYMOUS LOGON
Domain: NT AUTHORITY
Logon ID: (0x0,0x759A8F2)
Logon Type: 3
And another one:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 15/6/2005
Time: 8:42:00 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: AMEDMAHCMEPS03
Description:
Successful Network Logon:
User Name:
Domain:
Logon ID: (0x0,0x759A8F2)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: AMEDTSMAHC001
Logon GUID: -
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 143.83.63.197
Source Port: 0
Can anyone tell us how to solve this problem?
Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes
Incase if you think that is the origin then you can also try to tweak the reg key controlling even if the machine is allowed to be a master or backup master browser so in the end it wont be able to participate.
Re: NT AUTHORITY\ANONYMOUS LOGON in event log EVERY 12 minutes
I think that turning off the computer browser service will also do the same thing. I was using some registry mods before when I was using the Windows 2000. I also dont know for sure whether there will be any further consequences by disabling the pc browser service but I have seen that as of now that service names can be sometimes misleading with the major candidate that could be tcp/ip netbios helper service that would lead on to believe that you can disable it incase if you are not using the netbios over tcp/ip. Though it is related to be a core service and can speed up things positively if it is disabled.