Large number of ANONYMOUS LOGON from our Servers within our Network
Hi All, I have a Terminal Server part of our domain and when reviewing the security event log I see a large number of Events. Event ID's: 538,540 one after another consecutively for the User ANONYMOUS LOGON for multiple servers. The events occur so often that after a few days the event log fills and I am prompted with a warning and manually need to clear the event log. I do not suspect this is a security threat as the logons are coming from other servers part of the domain. What I am having trouble is working out: 1. Why are request being made to the TS from other servers on the domain. 2. Why is it using the ANONYMOUS LOGON to access the server and what for. 3. How to suppress/stop these events logging and flooding the security log. If anyone could provide some insight as to how I can get more information or resolve this it would be greatly appreciated. Examples are: Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 538 Date: 30/05/2012 Time: 11:17:05 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: MUMBOJUMBO Description: User Logoff: User Name: ANONYMOUS LOGON Domain: NT AUTHORITY Logon ID: (0x0,0x129DC36) Logon Type: 3 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 30/05/2012 Time: 11:17:05 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: MUMBOJUMBO Description: Successful Network Logon: User Name: Domain: Logon ID: (0x0,0x129DC43) Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: BOB Logon GUID: - Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.100.4 Source Port: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
May 29th, 2012 9:33pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics