|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Security Log Fills with 861 errors on New Domain ControllerWe just installed Server 2003 Standard SP2 on a member server, added DNS and Domain Controller roles and then installed antivirus. The security log then started filling with event 861 failure audits. They are not all the same. Some are regarding svchosts, dns.exe or lssas.exe Event Type: Failure Audit Event Source: Security Event Category: Detailed Tracking Event ID: 861 Date: 12/15/2008 Time: 2:26:53 PM User: NT AUTHORITY\SYSTEM Computer: ---- Description: The Windows Firewall has detected an application listening for incoming traffic. Name: - Path: C:\WINDOWS\system32\dns.exe Process identifier: 1784 User account: SYSTEM User domain: NT AUTHORITY Service: Yes RPC server: No IP version: IPv4 IP protocol: UDP Port number: 50426 Allowed: No User notified: No For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. The Windows Firewall is disabled by group policy, so I don't know how these errors are being reported anyway. I suppose we could also disable it in services.msc, but we would like to know what these errors could be about since we didn't see the same event in the last domain controller we built. I would make sure if any virus or malware is present on that computer. If it
was a clean install and the error start appearing when you installed the anti virus, that could be the problem, that software is generating those events. If that's the case, you can (not recommended) turn off the "Audit Process Tracking" audit policy in the domain, for the events to stop been generated. Hope it helps Cheers "MyGposts" <mygpo***@gmail.com> escribió en el mensaje de noticias:c41f9f56-d108-498e-abbd-8e4174f50***@b38g2000prf.googlegroups.com...Show quoteHide quote > There was a similar post here, but it seems to have disappeared. > > We just installed Server 2003 Standard SP2 on a member server, added > DNS and Domain Controller roles and then installed antivirus. > > The security log then started filling with event 861 failure audits. > They are not all the same. Some are regarding svchosts, dns.exe or > lssas.exe > > Event Type: Failure Audit > Event Source: Security > Event Category: Detailed Tracking > Event ID: 861 > Date: 12/15/2008 > Time: 2:26:53 PM > User: NT AUTHORITY\SYSTEM > Computer: ---- > Description: > The Windows Firewall has detected an application listening for > incoming traffic. > > Name: - > Path: C:\WINDOWS\system32\dns.exe > Process identifier: 1784 > User account: SYSTEM > User domain: NT AUTHORITY > Service: Yes > RPC server: No > IP version: IPv4 > IP protocol: UDP > Port number: 50426 > Allowed: No > User notified: No > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > > The Windows Firewall is disabled by group policy, so I don't know how > these errors are being reported anyway. > I suppose we could also disable it in services.msc, but we would like > to know what these errors could be about since we didn't see the same > event in the last domain controller we built. Hello MyGposts,
The posting is not disappeared, maybe you should use a newsreader like outlook express or other free versions. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm Show quoteHide quote > There was a similar post here, but it seems to have disappeared. > > We just installed Server 2003 Standard SP2 on a member server, added > DNS and Domain Controller roles and then installed antivirus. > > The security log then started filling with event 861 failure audits. > They are not all the same. Some are regarding svchosts, dns.exe or > lssas.exe > > Event Type: Failure Audit > Event Source: Security > Event Category: Detailed Tracking > Event ID: 861 > Date: 12/15/2008 > Time: 2:26:53 PM > User: NT AUTHORITY\SYSTEM > Computer: ---- > Description: > The Windows Firewall has detected an application listening for > incoming traffic. > Name: - > Path: C:\WINDOWS\system32\dns.exe > Process identifier: 1784 > User account: SYSTEM > User domain: NT AUTHORITY > Service: Yes > RPC server: No > IP version: IPv4 > IP protocol: UDP > Port number: 50426 > Allowed: No > User notified: No > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > The Windows Firewall is disabled by group policy, so I don't know how > these errors are being reported anyway. > I suppose we could also disable it in services.msc, but we would like > to know what these errors could be about since we didn't see the same > event in the last domain controller we built. Hi
Also check previous answers on previous thread. -- Show quoteHide quoteI hope that the information above helps you. Have a Nice day. Jorge Silva MCSE, MVP Directory Services Please no e-mails, any questions should be posted in the NewsGroup This posting is provided "AS IS" with no warranties, and confers no rights. "MyGposts" <mygpo***@gmail.com> wrote in message news:c41f9f56-d108-498e-abbd-8e4174f5099d@b38g2000prf.googlegroups.com... > There was a similar post here, but it seems to have disappeared. > > We just installed Server 2003 Standard SP2 on a member server, added > DNS and Domain Controller roles and then installed antivirus. > > The security log then started filling with event 861 failure audits. > They are not all the same. Some are regarding svchosts, dns.exe or > lssas.exe > > Event Type: Failure Audit > Event Source: Security > Event Category: Detailed Tracking > Event ID: 861 > Date: 12/15/2008 > Time: 2:26:53 PM > User: NT AUTHORITY\SYSTEM > Computer: ---- > Description: > The Windows Firewall has detected an application listening for > incoming traffic. > > Name: - > Path: C:\WINDOWS\system32\dns.exe > Process identifier: 1784 > User account: SYSTEM > User domain: NT AUTHORITY > Service: Yes > RPC server: No > IP version: IPv4 > IP protocol: UDP > Port number: 50426 > Allowed: No > User notified: No > > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > > > The Windows Firewall is disabled by group policy, so I don't know how > these errors are being reported anyway. > I suppose we could also disable it in services.msc, but we would like > to know what these errors could be about since we didn't see the same > event in the last domain controller we built. 
Other interesting topics
Event 861 fills event log on newly built Domain Controller
Lost Resources Home folder creation via script profilepath - User Profile Scripted Drives how to change from sub.domain.com to domain.com Password Change AD 2003 and GPO on Windows 2008 GPO for Vista, allow normal User to create shares and to deactiv. Clarification on computer object migration |
|||||||||||||||||||||||
