Event Viewer Failure Audit messages under Security

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I finally started looking at the Event Viewer on my XP Pro SP2 system. I
found three Failure Audit messages under Security over and over again, I
assume during reboot. Using Search, I found the files advapi32.dll in
Windows/system32 and advapi32.class in com/ms/win32 (is that the registry?).
Will someone please give me a URL that explains these error messages? Thanks.

MESSAGE #1
IPSec Services failed to get the complete list of network interfaces on the
machine. This can be a potential security hazard to the machine since some of
the network interfaces may not get the protection as desired by the applied
IPSec filters. Please run IPSec monitor snap-in to further diagnose the
problem.

MESSAGE #2
Logon Failure:
Reason: Unknown user name or bad password
User Name: Pete
Domain: OFFICE
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate

MESSAGE #3
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Pete
Source Workstation: OFFICE
Error Code: 0xC000006A
 
You need to have the Event ID & the Event Source. Microsoft product: --All
Products-- is usually good enough. Be careful when scrolling down in the
page so that Microsoft product: doesn't change on you.

To view Windows XP Events and Errors, type the Source (for example, Print)
and/or the Event code (for example, 20) into the ID field, then click the Go
button. Source and Event codes may be found in the Event Viewer logs.

Events And Errors Message Center: Advanced Search
http://www.microsoft.com/technet/support/ee/ee_advanced.aspx

Events And Errors Message Center: Basic Search
http://www.microsoft.com/technet/support/ee/ee_basic.aspx

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In
 
The link below from Eventid.net may also help.

http://www.eventid.net/display.asp?eventid=680&eventno=2267&source=Security&phase=1

If these events are happening at startup of the computer or logon only I
would not worry about them other then it is an annoyance to see them. The
ipsec warning is nothing to worry about unless you have configured the
computer to be very locked down with ipsec [an advanced topic that 99.9% of
home users will never use] and are in what would be considered a hostile
network environment. What you want to be looking for is unexplained logons
in the security log particularly of administrator accounts and multiple
[dozens or hundreds] logon failures of a user account in rapid succession
that can indicate a hack attempt and such attempts usually show an unknown
or infected/compromised computer/workstation as the source of the logon
failures.

Steve
 
From reading previous posts on ipsec, it seems that I could just disable the
process from starting, and that would eliminate the problem entirely. And
yes, I only see these events upon boot or login, so it does not appear to be
a genuine security problem. Thanks.
--


Pete



Steven L Umbach said:
The link below from Eventid.net may also help.

http://www.eventid.net/display.asp?eventid=680&eventno=2267&source=Security&phase=1

If these events are happening at startup of the computer or logon only I
would not worry about them other then it is an annoyance to see them. The
ipsec warning is nothing to worry about unless you have configured the
computer to be very locked down with ipsec [an advanced topic that 99.9% of
home users will never use] and are in what would be considered a hostile
network environment. What you want to be looking for is unexplained logons
in the security log particularly of administrator accounts and multiple
[dozens or hundreds] logon failures of a user account in rapid succession
that can indicate a hack attempt and such attempts usually show an unknown
or infected/compromised computer/workstation as the source of the logon
failures.

Steve


Pete said:
I finally started looking at the Event Viewer on my XP Pro SP2 system. I
found three Failure Audit messages under Security over and over again, I
assume during reboot. Using Search, I found the files advapi32.dll in
Windows/system32 and advapi32.class in com/ms/win32 (is that the
registry?).
Will someone please give me a URL that explains these error messages?
Thanks.

MESSAGE #1
IPSec Services failed to get the complete list of network interfaces on
the
machine. This can be a potential security hazard to the machine since some
of
the network interfaces may not get the protection as desired by the
applied
IPSec filters. Please run IPSec monitor snap-in to further diagnose the
problem.

MESSAGE #2
Logon Failure:
Reason: Unknown user name or bad password
User Name: Pete
Domain: OFFICE
Logon Type: 2
Logon Process: Advapi
Authentication Package: Negotiate

MESSAGE #3
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: Pete
Source Workstation: OFFICE
Error Code: 0xC000006A
Click to expand...
Click to expand...
 
Back
Top