LSASRV - Event ID 40968...

Guest · Feb 6, 2006

Seeing the following event being logged on our servers, when a Security
(Vulnerability) scan is run in the environment. Is there any way to prevent
these events from being logged/reported?

40968,WARNING,LSASRV,Sun Feb xx xx:xx:xx 2006,No User,The Security System
has received an authentication request that could not be decoded. The
request has failed.

Roger Abell [MVP] · Feb 8, 2006

I doubt that there is a way, at least not without disabling more
than you would want disabled.
I also am left wondering why as these are intended to clue the
admin that something is amiss - either an intentional attempt to
"plug up" or compromise the correct function of the (arguably)
most critical subsystem, or an unintended client in error state.

Guest · Feb 11, 2006

Agree on the fact that this event is informational as in when an intentional
attempt is made, an Admin needs to be notified, but, if there are known
reasons why this event is being logged, is there anyway we can tune or better
perform the Security scan to prevent this alert from being logged? Wouldn't
this event be tagged/trigger an event in the MOM console (we are yet to
deploy MOM though)...

Roger Abell [MVP] · Feb 13, 2006

There may be some logging level reg key lsa will respect
but you would need to search it out, if these is public doc
of it, unless someone knows and posts of it.

LSASRV - Event ID 40968...

Guest

Roger Abell [MVP]

Guest

Roger Abell [MVP]