This is the information in the credential verification
Computer is trying to verify account credentials,
Validation package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Login account: ADMINISTRATOR
Source workstation:
Error code: 0 xc0000064
- & lt; The Event XMLNS="http://schemas.microsoft.com/win/2004/08/events/event" & gt;
- & lt; System>
- & lt; EventData>
Here is the login information in the
Account login failed,
User:
Security ID: NULL SID
Account name: -
The account domain: -
Login ID: 0 x0
Login type: 3
Account login failure:
Security ID: NULL SID
Account name: ADMINISTRATOR
The account domain:
Failure information:
The reason for failure: unknown user name or password mistake,
Status: 0 xc000006d
Son: 0 xc0000064
Process information:
The caller process ID: 0 x0
The caller process name: -
Internet information:
The name of work:
The source IP address: -
Source port: -
The authentication information in detail:
The login process: NtLmSsp
The authentication packet: NTLM
Shipping service: -
Packets (NTLM only) : -
The key length: 0
Login request failed in trying to access the computer generated the event,
The emergence of information such as the one above has a large screen name sometimes can also be other, feeling like a brute force, but the source in the network information is empty, how be to return a responsibility excuse me? Also please help
Supplement: this is 2012 d2r2 server
CodePudding user response:
I also met the same problem, the address and port number is emptyCodePudding user response:
The original poster is how to solve?CodePudding user response:
Met the same problem, non-professional himself, don't know much about,Beginning is temporary isolation for a period of time to change a password,,,
Later have time to consider, since have a TCP connection is sure to find the IP, and then began trying:
First of all is the network connection, try 360 ok, direct can see 3389 TCP connection,
At the back of the simple, will appear in the IP into the firewalls to prevent abnormal connection (key word: inbound rules -.. - custom -.. Scope -.. - remote IP),
But can't have something fine open 360 staring at it, then I searched a c # code made a simple console application, monitoring a specified port every second, and records the connection information and link length, and then save to file,
Behind only need regular file from illegal IP unified processing line,
See the core code:
https://www.cnblogs.com/emanlee/archive/2013/02/01/2889612.html
Public static void GetTcpConnections ()
{
IPGlobalProperties properties.=IPGlobalProperties GetIPGlobalProperties ();
TcpConnectionInformation [] connections=properties. GetActiveTcpConnections ();
The foreach (TcpConnectionInformation t in connections)
{
The Console. Write (" Local endpoint: {0} ", t.L ocalEndPoint. ToString ());
The Console. Write (" Remote endpoint: {0} ", t.R emoteEndPoint. The ToString ());
Console. WriteLine (" {0} ", t.S Tate);
}
Console. WriteLine ();
The Console. ReadLine ();
}
CodePudding user response: