weird windows event log error help -- MIDRANGE-L

× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.

Our network security guy called me about an event error found on our windows domain controller which also doubles as our iseries file server (qntc).

Here is the error.

AV - Alert - "1608147140" --> RID: "18116"; RL: "9"; RG: "windows,authentication_failures,"; RC: "User account locked out (multiple login errors)."; USER: "(no user)"; SRCIP: "None"; HOSTNAME: "(Host-x-x-x-x) x.x.x.x->WinEvtLog"; LOCATION: "(Host-x-x-x-x) x.x.x.x->WinEvtLog"; EVENT: "[INIT]2020 Dec 16 14:32:17 WinEvtLog: Security: AUDIT_SUCCESS(4740): Microsoft-Windows-Security-Auditing: (no user): no domain: xxx.xxx.com: 0x8000000000000000 message: A user account was locked out. Subject: Security ID: S-1-5-18 Account Name: NT5$ Account Domain: X_DOMAIN Logon ID: 0x3e7 Account That Was Locked Out: Security ID: S-1-5-21-1175146227-807941459-751859383-501 Account Name: Guest Additional Information: Caller Computer Name: XXX [END]";

The part that is confusing to us is the "no user". How can the iseries access a windows server with no user?

Any thought as to what might trigger this event?

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.