I think I’ll go with the second option and ignore 1152 errors per day.You can obtain the state of each process by checking the Status value in the /proc/pid/status file, and then collect the total number of processes in each state. and try to figure out how to make the tool stop this access or how to grant it permission to do the access. Delve deep into IPv6, pipes, Sysinternals, etc. The error is coming from a legitimate program, so ignore 4 errors x 12 times/hour x 24 hours/day = 1152 errors per day.Stop the PsLoggedon user monitoring on the server.For some reason, PsLoggedon is trying to create a pipe on an IPv6 Link-local address. So what is going on here? I’m using the monitoring tool to run PsLoggeon.exe, one of the Sysinternals Pstools, to see who (if anyone) is logged on locally to the server. Now that we know that the event has a Result of LOGON FAILURE, we can add that as a Process Monitor filter and find the failures even faster:Īnd here are the four failed logon attempts: Assuming Process Monitor was running when the event was generated, we can look for events occurring just before “2:47:13.009094300” in Process Monitor: How do we know which line triggered the above event? The trick is to get the exact time (timestamp) from the error’s Details tab, or from the Event Xml above. Sysinternals Process Monitor generates thousands of lines per second. IPv6 is installed on the machine and it is set to obtain an address automatically but there is no IPv6 DHCP server on the network. It’s interesting that the Source Network Address is the Link-local IPv6 address. Source: Microsoft-Windows-Security-Auditingįailure Reason: An Error occured during Logon.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |