HI All..
My AD see so many Logon failure Event.... seems every few logon failure attempt within a Sec..
EventID: 529
User : NT Authority \SYSTEM
Computer : AD01
Desciption:
Logon Failure:
Reason: Unknown user name or bad password
User Name : Administrator
Domain: SERVER01
Logon Type : 3
Logn Process: NTLMSSP
Authentication Package: NTLM
WorkStation Name: SERVER01
Caller User name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network address : 192.168.1.10
Source Port: 59219 ( actually its a random port for every of the failure attemp)
Anyone has idea how to trace down this logon attempt???
and is this trying domain admin password or just local admin password ?
I see some web talking about "logon type " 3 is about using some network resources ?