Unusual Security Audits
I am running SBS 2008 Premium and have been having a lot of performance issues. During the monitoring, I noticed a lot of strange security audits I'm not sure should be happening. At one point there were 350 audits in 1 second, the same 4 events repeated: Special Logon, Logon, Kerberos Service Ticket Operations, Logoff. I disabled IPv6 and found things are running a little better, but I'm still getting a lot of strange logons and logoffs. Can anyone give me guidance on how to figure out what is causing this and possibly how to fix it?

Thanks!
Jake

Here is an example of a logon event:

An account was successfully logged on.

Subject:
    Security ID: NULL SID
    Account Name: -
    Account Domain: -
    Logon ID: 0x0

Logon Type: 3

New Logon:
    Security ID: SYSTEM
    Account Name: FS-PRIVILEGED$
    Account Domain: HS
    Logon ID: 0x5e54886
    Logon GUID: {c79f4a74-20df-d81d-2a88-819b78f05918}

Process Information:
    Process ID: 0x0
    Process Name: -

Network Information:
    Workstation Name:
    Source Network Address: 192.168.1.26
    Source Port: 42092

Detailed Authentication Information:
    Logon Process: Kerberos
    Authentication Package: Kerberos
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
January 11th, 2010 10:48pm
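One way to narrow down a burst like the one described above is to tally the logon events by account, source address and logon type, so the busiest machine stands out. The following is an added example, not part of the original post; it assumes the event message text has been exported from the Security log, and the second account and address in the sample are constructed.

```python
import re
from collections import Counter

# "Account Name" occurs under both Subject and New Logon; only the New Logon
# value says who logged on, so that pattern is anchored after "New Logon:".
_FIELDS = {
    "logon_type": re.compile(r"Logon Type:[ \t]*(\d+)"),
    "account": re.compile(r"New Logon:.*?Account Name:[ \t]*(\S+)", re.S),
    "source": re.compile(r"Source Network Address:[ \t]*(\S+)"),
    "package": re.compile(r"Authentication Package:[ \t]*(\S+)"),
}

def parse_logon_event(text):
    """Pull the triage fields out of one logon event's message text."""
    found = {}
    for name, pattern in _FIELDS.items():
        match = pattern.search(text)
        found[name] = match.group(1) if match else None  # None: field absent/blank
    return found

def top_sources(events, n=5):
    """Count logons per (account, source address, logon type), busiest first."""
    counts = Counter()
    for text in events:
        f = parse_logon_event(text)
        counts[(f["account"], f["source"], f["logon_type"])] += 1
    return counts.most_common(n)

# Constructed sample: four copies of an event shaped like the one in the post,
# plus one event from a made-up workstation account and address.
_TEMPLATE = """An account was successfully logged on.
Subject:
    Account Name: -
Logon Type: 3
New Logon:
    Security ID: SYSTEM
    Account Name: {account}
Network Information:
    Workstation Name:
    Source Network Address: {source}
Detailed Authentication Information:
    Authentication Package: Kerberos
"""
SAMPLE = ([_TEMPLATE.format(account="FS-PRIVILEGED$", source="192.168.1.26")] * 4
          + [_TEMPLATE.format(account="WS01$", source="192.168.1.40")])

if __name__ == "__main__":
    for key, count in top_sources(SAMPLE):
        print(count, *key)
```

An account name ending in `$` is a computer account and Logon Type 3 is a network logon, so a single key dominating the tally points at one machine repeatedly authenticating to the server over the network.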
Hi Jake, I see that issue is more likely with the SBS server, and I would recommend you post your query under the appropriate SBS group. The support professionals there are better equipped to assist you.
For your convenience, I’ve included the link of Windows Small Business Server discussion group:
Discussions in Windows Small Business Server General: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.windows.server.sbs
SBS08 Public Newsgroups: https://connect.microsoft.com/cougar/content/content.aspx?ContentID=8333
January 12th, 2010 4:16am


