Communications Server 5 - IM failed login

Similar Messages

• Data Warehouse SQL error log shows failed login

  In addition to the above title, on our management servers (x2 Win 2012 R2 - SCOM 2012 R2), I am seeing the event ID 31551 stating:
  Failed to store data in the Data Warehouse. The operation will be retired. Exception 'SqlException':Login failed for user 'xx'.
  One or more workflows were affected by this.
  Workflow name: Microsoft.SystemCenter.DataWarehouse.CollectEntityHealthStateChange
  Instance name: management server
  Instance ID: {xxxxxxxxxxxxxxxxx}
  Management Group: XXXX
  I've logged onto Data Warehouse server using the account referenced in the error message, loaded SQL Management Studio (2012 Std), and logged in and am able to see, view tables within the OperationsManagerDW database. So I'm trying to establish what's going
  on! If I can access the DW DB using the account, why am I getting these errors?

  Hi
  Unfortunately, this hasn't resolved the issue. I've ran the query DBCC CHECKIDENT ("EventChannel"); and have got the following response back: 
  Checking identity information: current identity value '1', current column value '1'.
  DBCC execution completed. If DBCC printed error messages, contact your system administrator.
  I've revisited the run as account for 'Data Warehouse SQL Account' - this is a domain account. I've checked the Data Warehouse DB and can confirm that it's got write access over the database. I'm using the same account as the 'Data Warehouse Action Account'.
  However, the SQL log on the data warehouse server is saying failed login, see below:
  Login failed for user 'sv-scom-dw'. Reason: Could not find a login matching the name provided. [CLIENT: Management server 1 IP]
  I've checked the 'Management Group' table and can confirm the WriterLoginName is DOMAIN\sv-scom-dw
  However, the SQL error looks like it's looking for a local SQL login. The database is set to Mixed mode authentication.
  Any ideas?

• Communication problem the web server extension (WGATE) failed to receive a

  Hi,
  When a user tries to access his timesheet he get the below error:
  <b>communication problem the web server extension (WGATE) failed to receive a response from the ITS web service</b>
  Only ONE user is getting this error. If everyone get\s the same we can check on the ITS side, but if only ONE user is getting it.
  Please help.
  Regards,
  PK

  HI ALL,
  Thanks for your time. The issue got resolved however without cheking the logs itself. The problem was with the scripfile. All other users and all other scripts were working, except one. And it got recified.
  Regards,
  P. Kumaravel.

• Non-SysAdmins get error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.

  I have a SQL 2008 R2 system (10.50.4000) where I'm having problems connecting any user that is not a SysAdmin.  Example: I setup a new SQL Login to use Windows Authentication and grant that user db_datareader on the target database.  The user attempts
  to connect using Excel client or Access or SQL Management Studio and receives Error 18456.  The SQL Server Logs shows Error 18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  The strange part is that if I temporarily grant the user the sysadmin server role then the user can connect successfully and retrieve data.  But, if I take away that sysadmin server role then the user can no longer connect but again receives the Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  We've turned off UAC on the client machine to see if that was the problem, but no change.
  I have dropped and re-added the user's SQL Login (and the related database user login info).  No success.
  The Ring Buffers output shows:
  The Calling API Name: LookupAccountSidInternal
  API Name: LookupAccountSid
  Error Code: 0x534
  Thanks for any help.
  -Walt

  Yes, you understand correctly.  The user is logging onto a workstation (not the server) with a Windows Authenticated id.  The user is using either Excel or Access or SSMS and connecting to the server using a Windows Authenticated SQL Login account.
   If the account has sysadmin role (which is only for testing) then the connection is successful.  If I take away sysadmin role from the account then the connection is unsuccessful and the SQL Server Log shows Error
  18456 Severity 14 State 11 Login Failed for user _ Reason Token-based server access validation failed with an infrastructure error.
  (SQL Authentication is not an option here.  I must use Windows Authentication).
  Any other troubleshooting assistance you can offer would be appreciated.  Thanks.
  -Walt 

• Failed Logins - Token Based Server Access Validation Failed

  Hi All-
  I am trying to track down, well for lack of a better word (an annoyance).  I have a VM running a proprietary utility (VMware update manager) that connects to a remote SQL VM.  This connection is via a service account that from the surface has the
  appropriate permissions.  The setup and utility has been in and is working as it should.  However in our logs we are constantly seeing.
  SQL Event Viewer - Login failed for DOMAIN/REMOTESERVERNAME$ Reason: Token-based server access validation failed with an infrastructure error.  Check for previous errors [CLIENT: REMOTEIP OF REMOTESERVERNAME]
  Then in the SQL Logs I am seeing the same error and also - ERROR 18546, Severity 14, State 11
  I have read dozens of threads - pointing to UAC.  I have elevated SSMS via UAC and allowed it to run as administrator.  Also ran as admin, and reapplied the permissions to that service account, db_owner
  What I have read is about AD/user account.  However in this case I am seeing the remote server name, not service account.  Got me thinking a service is running as network or local system, and phoning home to SQL.  However everything I see
  is using the service account for that utility.  Also in the event viewer in the security portion for that same time, I see the login and log off as successful.  Could anyone try to point me in the right direction, without flat out adding the servername
  to the local SQL VM administrators group.
  Thank you in advance for any assistance.

  Rather than adding the machine account to the admin group, you could do:
    GRANT CONNECT TO [Domain\Remoteservername$]
  And then you could set up a logon trigger that captures information about the login. That would include app_name() as well as the Windows process id. This could help you track exactly which process that is knocking on the door.
  Erland Sommarskog, SQL Server MVP, [email protected]

• Thousands of failed login 4625 events, corresponding with 1003 events form Security-SSP

  I've got a server running Server 2012 R2, it's got a few services and such, but lately there have been thousand of failed logins, they seem to happen every 30 minutes and there is about 10 or so at a time. I checked the application logs and there seem to
  be corresponding events from Security-SSP at the same times, event ID 1003,a s well as a few different ones at random times. These are the details for the 4625 events:
  An account failed to log on.
  Subject:
      Security ID:        SYSTEM
      Account Name:        SERVER$
      Account Domain:        MYSERVER
      Logon ID:        0x3E7
  Logon Type:            3
  Account For Which Logon Failed:
      Security ID:        NULL SID
      Account Name:        
      Account Domain:        
  Failure Information:
      Failure Reason:        Unknown user name or bad password.
      Status:            0xC000006D
      Sub Status:        0xC0000064
  Process Information:
      Caller Process ID:    0x2c4
      Caller Process Name:    C:\Windows\System32\lsass.exe
  Network Information:
      Workstation Name:    SERVER
      Source Network Address:    -
      Source Port:        -
  Detailed Authentication Information:
      Logon Process:        Schannel
      Authentication Package:    Kerberos
      Transited Services:    -
      Package Name (NTLM only):    -
      Key Length:        0
  System
  Provider
  [ Name]
  Microsoft-Windows-Security-Auditing
  [ Guid]
  {54849625-5478-4994-A5BA-3E3B0328C30D}
  EventID
  4625
  Version
  0
  Level
  0
  Task
  12544
  Opcode
  0
  Keywords
  0x8010000000000000
  TimeCreated
  [ SystemTime]
  2014-10-08T15:39:27.023566500Z
  EventRecordID
  555922
  Correlation
  Execution
  [ ProcessID]
  708
  [ ThreadID]
  11356
  Channel
  Security
  Computer
  Server.MYSERVER.local
  Security
  EventData
  SubjectUserSid
  S-1-5-18
  SubjectUserName
  SERVER$
  SubjectDomainName
  MYSERVER
  SubjectLogonId
  0x3e7
  TargetUserSid
  S-1-0-0
  TargetUserName
  TargetDomainName
  Status
  0xc000006d
  FailureReason
  %%2313
  SubStatus
  0xc0000064
  LogonType
  3
  LogonProcessName
  Schannel
  AuthenticationPackageName
  Kerberos
  WorkstationName
  SERVER
  TransmittedServices
  LmPackageName
  KeyLength
  0
  ProcessId
  0x2c4
  ProcessName
  C:\Windows\System32\lsass.exe
  IpAddress
  IpPort
  And the 1003 events:
  System
  Provider
  [ Name]
  Microsoft-Windows-Security-SPP
  [ Guid]
  {E23B33B0-C8C9-472C-A5F9-F2BDFEA0F156}
  [ EventSourceName]
  Software Protection Platform Service
  EventID
  1003
  [ Qualifiers]
  16384
  Version
  0
  Level
  4
  Task
  0
  Opcode
  0
  Keywords
  0x80000000000000
  TimeCreated
  [ SystemTime]
  2014-10-08T11:09:21.000000000Z
  EventRecordID
  7230
  Correlation
  Execution
  [ ProcessID]
  0
  [ ThreadID]
  0
  Channel
  Application
  Computer
  Server.MYSERVER.local
  Security
  EventData
  55c92734-d682-4d71-983e-d6ec3f16059f
  1: e96022a1-3247-4125-9ddc-4c6068ab3bfc, 1, 1 [(0 [0x00000000, 1, 0], [(?)( 1 0x00000000)(?)( 2 0x00000000 0 0 msft:rm/algorithm/hwid/4.0 0x00000000 0)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)(?)])(1 )(2 )]
  There are also a few 900, 902, 903 events. Any ideas what is happening? Everything seems to be running fine.

  Hi,
  The event 4625 indicates a computer account failed to logon. You could run NLTEST /SC_RESET:domain-name command with administrative credentials to check domain’s health.
  For more detailed information, please see:
  Audit Failure event ID 4625
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/ae9da10a-b4d2-4eda-ae6d-ad61b7b6ab79/audit-failure-event-id-4625?forum=winserversecurity
  You could also refer to the similar threads to troubleshoot the issue:
  numerous 4625 errors in the event log
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/c6b0d058-98d0-4572-8a72-e18e353b04fd/numerous-4625-errors-in-the-event-log?forum=winserversecurity
  Many Audit Failure Event ID 4625
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/8f7ebcf5-2310-42c3-9b6a-20205a6c17ef/many-audit-failure-event-id-4625?forum=winserveressentials
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Failed Logins from external addresses

  Hi,I recently started a trial GFI/MaxFocus RMM software. It high-lighted a couple of servers getting numerous failed logins. One of these, a 2008 R2 64 bit server, is getting between 4 and 5,000 failed logins daily. The login attempts originate from IP addresses in numerous European countries and the US, and on varying ports.The server sits behind a SonicWall TZ 205. It would be useless to block IP addresses as the login attempts are from constantly changing sources. There is a branch office that makes terminal connections to this server, and the GFI software is using some port or ports for its service. The server gets Windows updates periodically. Those are the only services I am aware that require communication of this server with the outside world.I can specifically allow ports required by these services with the outside at the...
  This topic first appeared in the Spiceworks Community

  You should adapt the menu.lst of the backed up OS like this:
  # (0) Arch Linux
  title Arch Linux
  root (hd1,0)
  kernel /boot/vmlinuz-linux root=/dev/sdb1 ro
  initrd /boot/initramfs-linux.img
  explanation:
  - Your root should be (hd1,0) because the external disc is the second hard disc (assuming root=/dev/sdb1 is correct).
  - The kernel and initrd line should have /boot, because you don't have a seperate boot partition.
  Also, you didn't adapt your fstab of the backed up hard disk. In particular, you have to remove the entries for /boot, /home and swap. The entry of root file system is also wrong, because you still have the old UUID in it:
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  tmpfs /tmp tmpfs nodev,nosuid 0 0
  /dev/sdb1 / ext4 defaults 0 1
  Finally, I think not following the excludes in the wiki will also cause problems.

• SQL Failed login Report - SSRS or HTML

  Working on to create SSRS or HTMl Report for Failed Login from more then one server. 
  1) Get all Failed login information with server name and store it into one table 
  2) Create SSRS report. 
  Or If anyone has better script and Idea..
  Thanks 
  Please Mark As Answer if it is helpful. \\Aim To Inspire Rather to Teach A.Shah

  Hi,
  You can use the sp_readerrorlog to get the current error log and only return failed logins. See:
  Auditing Failed Logins in SQL Server
  Simply, you can add multiple data sources and datasets with sp_readerrorlog stored procedure. The number of them depends on the number of SQL Servers which you want to audit. And add multiple tables in your report with the corresponding datasets in your
  report.
  You can use PowerShell to retrieve the information from multiple servers. It is similar to the method which mentioned in the following articles:
  Check the Last SQL Server Backup Date using Windows PowerShell
  http://www.mssqltips.com/sqlservertip/1784/check-the-last-sql-server-backup-date-using-windows-powershell/
  Retrieve a List of SQL Server Databases and their Properties using PowerShell
  http://www.mssqltips.com/sqlservertip/1759/retrieve-a-list-of-sql-server-databases-and-their-properties-using-powershell/
  Automate collection and saving of failed logins for SQL Server
  http://www.mssqltips.com/sqlservertip/1750/automate-collection-and-saving-of-failed-logins-for-sql-server/
  Hope the information helps.
  Tracy Cai
  TechNet Community Support

• Office Communication Server 2007 R2

  Can the iChat 5.0.3 client establish encrypted connections to Office Communication Server 2007 R2?
  My employer has set up an OCS 2007 R2 Edge server for which I configured the external DNS. I've tried Messenger for Mac 7 and found that it worked. Which led me to wonder if iChat supported SIP connections over port 443 or whatever port is specified in an SIP.TLS SRV record?

  Hi,
  To be frank I don't know.
  It was the main reason for posting the link to the iChat Server forum and giving you the one name of a regular poster who I thought might be able to help.
  iChat has problems, particularly in Leopard if the iChat app senses more than one Internet connection. This mainly effects it's A/V and Screen Sharing connections.
  This List of "Well Known Ports for Apple Apps" may help if you look at the single and group of ports I listed earlier (it does not List the Distinction between iChat 4 and above compared to Earlier versions).
  Its lists which port does what sort of streaming.
  This Article lists the ports as I have already listed for iChat 3 and earlier but has some Notes underneath the final table that may offer some insights (I suggest item 4)
  This article lists the Changes (without telling you they are changes) but leaves out the Jabber and Bonjour ports (Hence the link to the first article).
  The first article does tell you in the last note that port 5678 connects iChat to a server called SNATMAP (snatmap.mac.com) which is essential in the SIP Invite bit as this is Apple's SIP server.
  I have never seen any references that says iChat in the AV chats uses TLS or other security protocols.
  A Buddy List can use an SSL Login to the relevant server to Login. This is only for the Login stage. It is unclear if the Text Chats are also subject to this (most 1-1 IM chats are on the Login port)
  Group Chats and File Sending from an AIM Buddy list move to port 5190 (if login is different) and the UDP Protocol.
  MobileMe Uses can Encrypt Chats to other MobileMe users. This may apply to Video and Audio chats but I have never had a MobileMe (or it's .Mac predecessor) to experiment if that happens over Audio and Video chats.
  I also know that in Failed A/V chats to AIM on a PC user the Log details that the AIM users is using port 5061 for SIP.
  The Log does not indicate that it is with TLS or not. (most fail on Windows Firewall issues or Routers not having port open in the routing device at both or either end).
  A Client iChat would only contact a iChat Server to perform the Buddy List Login.
  Essentially you would not have to be at the same location to do this.
  Any A/V chat would be "negotiated" separately from that via the SNATMAP server.
  At Connection the A/V chat is Peer-to-Peer.
  As part of the SIP negotiations a Ping is sent to Confirm that where the Visible Invite went to from the Buddy list is the same place, IP-wise, that the SIP response is coming from.
  On another tack.
  An iChat Client can be made to connect to an MSN/Live Buddy using a Jabber Buddy list that is also registered with a Jabber Server that is running an MSN transport.
  This can allow Text Chats only (Instructions)
  Apple have always said they deem iChat to be an SIP/VoIP app (but have never enabled full VoIP to POTS connections).
  Looking at the OCS 2007 R2 site it appears that Microsoft are moving toward SIP/VoIP and I was unaware of that.
  It has been a while since I checked out MSN for Mac to know it has got A/V capabilities yet (As an alternative)
  Trillian for Mac seems to have been stuck in Alpha for ever and does not mention Video. (The previous Windows version could video over several Services).
  Summary.
  More info about how iChat works (I later think I was missing the point)
  Info on using iChat and the MSN service
  One possible alternative and the "most likely" that has been stuck at that stage for years. (The windows version moved from Trillian Pro to Trillian Astra about a year ago and we {Mac Users} have been waiting at last that time again on top).
  I hope that the real question was can iChat hook up to the MSN network via the OCS 2007 R2 and I have given you enough info to suggest it cannot be done.
  It is late here and it will be my tomorrow before any further replies.
  11:27 PM Saturday; August 21, 2010
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• Inventory service does not start 610 failed login

  L.S.
  Netware 6.5, SP6
  ZEN 7.01SP1IR1
  Sybase database
  Standalone server
  My inventory service does not start. I've looked around but did not yet find the solution. I did have an error I've read nothing about:
  logger screen: java:Class com.novell.....ZENWorksInventoryservicemanager exited with status -1
  C1, Inventory service object shows 610: database location policy is not configured (but it is)
  NRM: health, failed login: user: .CN=Server package_ZENSERVER:Netware:ZENDateBase.O=context.T= tree
  Any suggestions
  Thomas Roes

  Thomasroes,
  either of these help?
  http://www.novell.com/support/php/se...1%200%20506894
  http://www.novell.com/support/php/se...1%200%20506894
  Shaun Pond

• There have been 7,039 failed login attempts in the last 30 minutes

  Hi,
  I am trying to find out the cause for an OEM alert we received:
  There have been 7,039 failed login attempts in the last 30 minutesThe cause is ofcourse known, but I can't find out why the application anyway was able to do 7000+ login attempts within half an hour. The account should have locked after 10 attempts
  The perticular account has a DEFAULT profile.
  Auditing is on, so if we look into DBA_AUDIT_SESSION it is clearly seen that within 1 minute approx 1200 failed login attempts occured without the account being locked.
  USERNAME USERHOST     RETURCODE      TIME              COUNT
  KRAMPV      DDE18LNB       1017     27-01-2012 13:54     235
  KRAMPV      VSV2SH221     1017     27-01-2012 13:54     271
  KRAMPV      VSV2SH222     1017     27-01-2012 13:54     258
  KRAMPV      VSV2SH223     1017     27-01-2012 13:54     263
  KRAMPV      VSV2SH224     1017     27-01-2012 13:54     266If we retry the login with a incorrect password manually from SQLplus, after 10 login attempts the account gets locked as expected.
  The above login attempts come from three application server of which I don't know how they handle failed logins.
  Can anyone point me into a search direction as to why the account didn't lock. Just for completeness some extra info about the account and the DEFAULT profile:
  User is created with:
  CREATE USER KRAMPV
  IDENTIFIED BY VALUES 'S:123456890'
  DEFAULT TABLESPACE KRAMPVDATA
  TEMPORARY TABLESPACE TEMP
  PROFILE DEFAULT
  ACCOUNT UNLOCK;
  GRANT RESOURCE TO KRAMPV;
  GRANT CONNECT TO KRAMPV;
  ALTER USER KRAMPV DEFAULT ROLE ALL;
  GRANT CREATE MATERIALIZED VIEW TO KRAMPV;
  GRANT CREATE VIEW TO KRAMPV;
  GRANT CREATE TABLE TO KRAMPV;
  GRANT ALTER ANY MATERIALIZED VIEW TO KRAMPV;
  ALTER USER KRAMPV QUOTA UNLIMITED ON KRAMPVDATA;
  ALTER USER KRAMPV QUOTA UNLIMITED ON KRAMPVARCH;The DEFAULT profile has the following settings:
  DEFAULT     COMPOSITE_LIMIT               UNLIMITED
  DEFAULT     PASSWORD_LOCK_TIME          UNLIMITED
  DEFAULT     PASSWORD_VERIFY_FUNCTION     NULL
  DEFAULT     PASSWORD_REUSE_MAX          UNLIMITED
  DEFAULT     PASSWORD_REUSE_TIME          UNLIMITED
  DEFAULT     PASSWORD_LIFE_TIME          180
  DEFAULT     FAILED_LOGIN_ATTEMPTS          10
  DEFAULT     PRIVATE_SGA               UNLIMITED
  DEFAULT     CONNECT_TIME               UNLIMITED
  DEFAULT     IDLE_TIME               UNLIMITED
  DEFAULT     LOGICAL_READS_PER_CALL          UNLIMITED
  DEFAULT     LOGICAL_READS_PER_SESSION     UNLIMITED
  DEFAULT     CPU_PER_CALL               UNLIMITED
  DEFAULT     CPU_PER_SESSION               UNLIMITED
  DEFAULT     SESSIONS_PER_USER          UNLIMITED
  DEFAULT     PASSWORD_GRACE_TIME          7The Oracle database version is 11.2.0.3
  The OS is AIX7.1
  I've been looking on MOS, but was unable to find a clue yets
  Thanks
  FJFranken
  Edit: For the record, after I discovered the above I changed the DEFAULT profile, so the account would not unlock itself anymore. If this problem will occur in the future, maybe we can get more info as the account - if it gets locked- should stay locked now:
  alter profile default limit PASSWORD_LOCK_TIME unlimited;Edited by: fjfranken on 3-feb-2012 2:56

  Girish Sharma wrote:
  I cann't say that resource_limit is not TRUE, because you are saying "If we retry the login with a incorrect password manually from SQLplus, after 10 login attempts the account gets locked as expected.", so it means profile is working for the "KRAMPV" user.
  The interesting thing is USERHOST is changing, so another option is the listener log should also have information about the failed connection attempts.
  My another guess is duplicate user in the database i.e. one is KRAMPV and another is "krampv" (with quotation mark). Just check in dba_users that is there something like exists or not.....
  select upper(username),count(*) from dba_users group by upper(username) having count(*) > 1;
  Regards
  Girish SharmaHi Girish,
  resource_limit is set to FALSE.
  And we've tested the locking with another user, because KRAMPV is used by the application that is running and we didn't want to risk that it got locked
  USERHOST is not changing, there are 4 hosts ( application servers ) doing the same thing, so connection requests are coming from 4 hosts concurrently.
  There is luckily no duplicate user.
  Thanks anyway, we will keep investigating. I also sent the information to the application provider.
  Bye
  FJFranken

• Network (IP) address is no longer listed as the source of multiple failed login attempts - Events 4776 in Windows 2008 R2

  Our Windows 2008R2 security log is full of failed login attempt events 4776, but we're unable to block them because no IP address is provided for the network source of these attempts - like it was in Windows 2003 Server.
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          9/26/2012 2:32:27 AM
  Event ID:      4776
  Task Category: Credential Validation
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      MAIL.XYZ.COM
  Description:
  The computer attempted to validate the credentials for an account.
  Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Logon Account:    admin
  Source Workstation:    MAIL
  Error Code:    0xc0000064
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
      <EventID>4776</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>14336</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8010000000000000</Keywords>
      <TimeCreated SystemTime="2012-09-26T06:32:27.570062500Z" />
      <EventRecordID>18318</EventRecordID>
      <Correlation />
      <Execution ProcessID="452" ThreadID="540" />
      <Channel>Security</Channel>
      <Computer>MAIL.XYZ.COM</Computer>
      <Security />
    </System>
    <EventData>
      <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
      <Data Name="TargetUserName">admin</Data>
      <Data Name="Workstation">MAIL</Data>
      <Data Name="Status">0xc0000064</Data>
    </EventData>
  </Event>

  The user names are all different in these log events, and they constantly change, which may indicate a hacking attempt.  However, in Windows 2003 these type of events looked like this, showing the IP address the request came from, so we could trace
  and block them -- but not in Windows 2008:
  Logon Failure:
  Reason: Unknown user name or bad password
  User Name: s
  Domain: MAIL
  Logon Type: 10
  Logon Process: User32 
  Authentication Package: Negotiate
  Workstation Name: MAIL
  Caller User Name: MAIL$
  Caller Domain: XXXX
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 3728
  Transited Services: -
  Source Network Address: 202.67.170.186
  Source Port: 57365

• Exchange server 2010 backup fails

  My exchange server backup keep failing
  the exchange server 2010 two node dag
  netbackup 7.6
  I have contacted Symantec support. They believed it's Exchange server problem as "Vssadin list writers"
  show Microsoft Exchange writer Retryable error
  Any help?

  Hi,
  Please try to restart Information Store service for testing.
  Also try to refer following blogs:
  Troubleshooting Exchange 2007 VSS Backups
  http://blogs.technet.com/b/exchange/archive/2008/08/25/3406172.aspx 
  Exchange and VSS -- My Exchange writer is in a failed retryable state
  http://blogs.technet.com/b/timmcmic/archive/2012/03/11/exchange-and-vss-my-exchange-writer-is-in-a-failed-retryable-state.aspx 
  Thanks
  Mavis Huang
  TechNet Community Support

• 500 Internal Server Error. Failed to process request. Please contact....

  Hi Experts,
  The user is able to login successfully into portal.
  When the user is clicking on Travel & Expenses page an error is coming as below:
  500 Internal Server Error.
  Failed to process request. Please contact your system administrator.
  Please advise, what could be the issue. thanks.

  Check if the user id is locked or not? If yes, then unlock and reset the password.
  Please check at both R/3 side and portal side. And note that resetting of the password has to be done at both the sides.

• SADMIN User-Id failed logins while running srvrmgr

  Hi All,
  Need help with one of my Customers running srvrmgr command against gateway.
  Customer had installed siebel environment 15 days back and it was working fine. Suddenly, from easter week end seeing sadmin id failing and locking out. Customer is running srvrmgr and see sadmin user-id failed logins with ONLY siebel gateway up, and siebel server down.
  1.He is able to run odbcsql with sadmin id/pwd fine
  2.With sadmin/pwd srvrmgr connects fine, all command line operations are fine. But see sadmin failing in nameserver log file.
  3.I see 2 separate sadmin connections in name server log file which is weird, one with 'sadmin' works fine no failed logins and second with 'SADMIN' which fails. Below are log snapshots. Has anyone seen this issue before
  1. Below error messages suggest login with SADMIN is failing:
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 Invoking SecurityLogin with username=SADMIN ...
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:35 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
  DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Dynamically loading ODBC library functions
  DBCLog DBCLogDetail 4 000000034dbf2a6c:0 2011-05-03 15:18:35 Successfully loaded ODBC library functions
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocEnv) Env Handle: 150212040, Time: 0.140ms
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Env Handle: 150212040, Conn Handle: 150215192, Time: 0.044ms
  SQLConnectOptions Allocate Connection 4 000000034dbf2a6c:0 2011-05-03 15:18:35 (SQLAllocConnect) Conn Handle: 150215192, Time: 0.044ms
  SQLTraceAll SQLTraceAll 4 000000034dbf2a6c:0 2011-05-03 15:18:46 (SQLConnect) Conn Handle: 150215192, Time: 10.184s
  DBCLog DBCLogError 1 000000034dbf2a6c:0 2011-05-03 15:18:46 [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
  SecAdptLog Debug 5 000000034dbf2a6c:0 2011-05-03 15:18:46 username=SADMIN : authentication failed due to :
  [DataDirect][ODBC 20101 driver][20101]ORA-01017: invalid username/password; logon denied
  2. Below messages confirm login with sadmin user-id is working fine.
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 Invoking SecurityLogin with username=sadmin ...
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 ODBC security adapter configured: connectstring='SBA_81_DM1_DSN', tableowner='siebel', GlobalConnections=.
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocEnv) Env Handle: 150006904, Time: 0.062ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Env Handle: 150006904, Conn Handle: 151411016, Time: 0.011ms
  SQLConnectOptions Allocate Connection 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLAllocConnect) Conn Handle: 151411016, Time: 0.011ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLConnect) Conn Handle: 151411016, Time: 0.046s
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLGetInfo) Conn Handle: 151411016, Time: 0.040ms
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.034ms
  SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.034ms
  SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1041, Param: 1090553352
  SQLTraceAll SQLTraceAll 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Conn Handle: 151411016, Time: 0.013ms
  SQLConnectOptions Set Connection Option 4 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Handle: 151411016, Time: 0.013ms
  SQLConnectOptions Set Connection Option Detail 5 000000074dbf2a6c:0 2011-05-03 15:19:06 (SQLSetConnectOption) Option: 1042, Param: 1090553361
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : authentication succeeded.
  SecAdptLog Debug 5 000000074dbf2a6c:0 2011-05-03 15:19:06 username=sadmin : retrieving responsibilities...
  Many Thanks,
  Chaitanya

  Hi Chaitanya,
  Exactly.
  Check for some scheduled batch processes or some repeating jobs which may use this SADMIN Id & Pwd.
  Even I have the experienced this SADMIN account locking and I found that one of my repeating job using the SADMIN Id and its locking the ID frequently, even I unlocked the account.
  Try cancelling the job and create new one.
  Regards,
  Guna M