× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2021

Re: weird windows event log error help

how did this get resolved?


On Fri, Dec 18, 2020 at 6:32 PM iseriesstuff <iseriesstuff@xxxxxxxxx> wrote:

Our network security guy called me about an event error found on our

windows domain controller which also doubles as our iseries file server

(qntc).



Here is the error.



AV - Alert - "1608147140" --> RID: "18116"; RL: "9"; RG:

"windows,authentication_failures,"; RC: "User account locked out

(multiple login errors)."; USER: "(no user)"; SRCIP: "None"; HOSTNAME:

"(Host-x-x-x-x) x.x.x.x->WinEvtLog"; LOCATION: "(Host-x-x-x-x)

x.x.x.x->WinEvtLog"; EVENT: "[INIT]2020 Dec 16 14:32:17 WinEvtLog:

Security: AUDIT_SUCCESS(4740): Microsoft-Windows-Security-Auditing: (no

user): no domain: xxx.xxx.com: 0x8000000000000000 message: A user

account was locked out. Subject: Security ID: S-1-5-18 Account Name:

NT5$ Account Domain: X_DOMAIN Logon ID: 0x3e7 Account That Was Locked

Out: Security ID: S-1-5-21-1175146227-807941459-751859383-501 Account

Name: Guest Additional Information: Caller Computer Name: XXX [END]";



The part that is confusing to us is the "no user". How can the iseries

access a windows server with no user?



Any thought as to what might trigger this event?



--

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list

To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx

To subscribe, unsubscribe, or change list options,

visit: https://lists.midrange.com/mailman/listinfo/midrange-l

or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx

Before posting, please take a moment to review the archives

at https://archive.midrange.com/midrange-l.



Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.