Security Events for Event ID 529

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ smallbiz
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - New workstatiosn, users can no longer install software -using Acti Have a Active directory domain on a Windows 2003 server. Just upgraded some workstations from windows 98 to XP. These were new computers. Problem is users can not install programs, must be done as admin. Previous computers this was not an issue. Now 2 of the workstations were existing XP. All that was done is they were switched to new users. But, the problem still exists where the user can not install software. I was under the impression that Active directory would control user rights to install software, but it appears that this is not the case, it is the workstations themselves. What needs to be done so we can set users to install their own software ? All workstations are now upgraded to SP2. So it may be a factor, we do not know. We did not attempt any software installs until after the upgrades. Tag: Security Events for Event ID 529 Tag: 170148
  - 2
    - Unable to connect to DOMAIN Controller I'm working with a SBS2000 server that recently had an issue with a corrupt "SYSTEM" registry file and the folks didn't have a ERD or a recent backup of the system files. So I was forced to rebuild the server. I rebuilt the server and I'm running into a problem. My clients can not communicate with the DC. It's grabbing an IP from it, I can ping the DC IP and it's name successfully. However, since I nuked the previous DC and reinstalled it I thought that I would have to remove the client from the domain and re add it. Well when re-adding it I get an error that "This Network Name cannot be found". I'm at a roadblock. I did notice that WINS is acting weird and so was DHCP. The internal network is 10 dot while my external is 192 dot. And for some reason SBS was recognizing the 192 dot as primary. So I removed the nic fo the time being and forced it to the 10 dot. I then removed DHCP server, re added it and it's now seeing DC as 10 dot. However I get a red X when I bring up WINS management console saying it cannot find a WINS server. My domain name is AMBROSECO.COM. Tag: Security Events for Event ID 529 Tag: 170147
  - 3
    - Error 32089 when submitting a new outgoing fax via Shared Fax Hi, We are experiencing a problem on a system with Shared fax server. When a client submits a new fax all seem to process correctly, yet the fax is not placed into the queue. In the error log on the server we get the following: - Event Type: Error Event Source: Microsoft Shared Fax Event Category: Outbound Event ID: 32089 Date: 26/01/2005 Time: 15:28:37 User: N/A Computer: GANDALF Description: The Shared Fax Service print monitor has failed to submit the fax. The following error occurred: 2. This error code indicates the cause of the error. Sender Machine Name: \\192.168.0.23. Sender User Name: ..... Sender Name: ..... Subject: ...... Recipient name: .... Recipient number: 0..... Number of Recipients: 1. Any ideas? Further info Client - Win XP SP 2 Server - Small Buiness Server Wndows 2000 SP 4 The fax modem on the server is set to recieve AND the options in the general tab of the properties of Share Fax to disable submission and outgoing faxes are NOT enabled Chris Tag: Security Events for Event ID 529 Tag: 170146
  - 4
    - 2003SBS rename email domain Hello all, Can anyone help with the following:- One of our clients currently running a 2003SBS server, have changed their company name. Although we do not need to rename the server Domain we do need to change the email domains. Question is:- Is there a correct process or procedure that should be done when renaming email domain on an SBS2003 machine, or can we just run the Internet wizard again? Many thanks Tag: Security Events for Event ID 529 Tag: 170137
  - 5
    - Moving ISP - what changes for SBS2k? We're in the UK and moving from Demon's ISDN dialup to their ADSL package. The new (non-nat) router has arrived and it has wholly different IP's than our original Cisco. The SBS is dual-homed, with the external router on 192.168.1.1 and the external NIC on 192.168.1.2. The new router does not have an internal NIC so it looks like I'd need to put the external IP (A.B.C.D) onto the external NIC - effectively connecting us directly to the Internet. Is this correct? Also, I would appreciate help on the settings I need to change within SBS to accomodate this routing change: 1) anything in RRAS? 2) hostname changes from XYZ@ISDN.demon.co.uk to ABC@adsl.demon.co.uk I don't really want to start fiddling and then find that I can't go back if there's a problem. This is probably a simple change and just requires a reboot but.... knowing SBS... that's maybe not how it is... Admin Tag: Security Events for Event ID 529 Tag: 170136
  - 6
    - Windows Server 2003 to SBS 2003 Hello, I have a customer that already uses a Windows Server 2003. Less than 5 clients are accessing it but he wants to have an exchange server + SQL server for his small business. So I adviced him to buy SBS 2003. The current configuration is: HP ML310 Server AD File Server little software (Like UPS Monitor, AVM Ken!) My question ist plain and easy: can I "downgrade" to SBS Premium by just running the Setup from SBS Premium? Or what do I have to do in order to install the SBS Server without starting from the scratch. Thank you! Alexander Buschek BTW I searched for "Server 2003" but none of the results I found were related to exactly this situation. Tag: Security Events for Event ID 529 Tag: 170135
  - 7
    - Moving an SBS2K Server We need to move an SBS/Win2K Server from old hardware to new hardware. The trick is, the new server has to have the same name as the old one, but we're not allowed to just backup the old one and restore to the new one. Any ideas? Tag: Security Events for Event ID 529 Tag: 170132
  - 8
    - Outlook Web Access Contacts list I have a user who wants the default contacts list to be a public contacts when connecting via OWA. Currently his email addresses are only being checked against his mailbox contacts list. Any way to change this, and without changing for other OWA users? Tag: Security Events for Event ID 529 Tag: 170128
  - 9
    - Problem logging on to 2000 TS since upgrading to SBS2003 Hello, We have had the following setup working fine for about 2 years .. Head office - SBS Server 2000 and Windows 2000 Server with 5 TS CALS Remote Office - Windows 2000 Server & ISA server 2000 The remote office server makes a VPN connection over ISA to the head office ISA server and all the remote Windows 98 users can access their terminal server desktops on the head office 2000 TS server. We had a crash on the head office SBS server a few weeks ago, it wasn't recoverable so we changed the network to look like this ... Head office - SBS Server 2003, Existing Windows 2000 Server for TS access and 2 Windows 2003 servers for additional file and printer sharing and also domain controllers. Remote office - Windows 2003 Server and ISA Server SP1 Since doing this, the remote windows 98 users cannot log in to the Windows 2000 Terminal Server. They can ping the server and indeed if they go to the Windows 2003 server which they have on site, they can access the Terminal Server from there. However, it times out from their PC's. The head office terminal server has this in the event logs ... Event ID 1004: The terminal server cannot issue a client license. This occasionally pops up as well Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client. Things I've tried doing to rectify Setting the encryption level on the TS to low Install a licence server on the SBS2003 server at head office. I can see the licence server giving out grace licence's to the Windows 98 PC's! One final thing, every now and again it looks like it may actually log on to the TS and you see the Remote Desktop bar at the top of the screen but it then fails with a connection broken message. We can ping the server fine though from the workstation. Please help if possible. Thanks Jon Tag: Security Events for Event ID 529 Tag: 170127
  - 10
    - Removing ISA... We took over a business running Windows 2000 Small Business Server multi-homed. This business has ISA running. Since taking over we have placed the business behind a hardware firewall and no longer need ISA. All the desktops are set to use ISA in a proxy configuration and nobody likes that including us. Can we remove ISA? If so how? Link please. :) Can we remove ISA without having to reset all the browsers? Thanks, Rex Tag: Security Events for Event ID 529 Tag: 170125
  - 11
    - SBS CALs Hello, I am trying to add extra CALs to a SBS 2000 server with a view to adding up to 16 additional clients. My software vendor tells me that yo cannot get SBS 2000 CALs now and have to use SBS 2003 CALs. Is this correct? I seem to recall that they are different in the way they are installed. 2000 using a disk and 2003 using a code. Can anyone clarify this for me? Thanks. Paul Tag: Security Events for Event ID 529 Tag: 170117
  - 12
    - Displaying network cooections on SBS2000 Hi I have an SBS 2000 Server which is having massive issues with ISA. I have bypassed the ISA server to provide internet access through the LAN NIC. I now need to change the default gateway from the Internet NIC to the LAN NIC (from the 10.0.0 NIX to the 192.168 NIC). When I try to go to the "Network & Dial up connections" from the Start > Settings > Network & Dial up connections, nothing happens. When I try to go through the control panel I can open the Network & Dial up panel but it is empty. It does not display any connections. I think it is hung. Tried several times. Rebooted server. Still the same. Any ideas gratefully accepted. Mike Tag: Security Events for Event ID 529 Tag: 170114
  - 13
    - Quick ISA question Running SBS2000 with ISa(dual nic). I have added a server publishing rule using the predifined IMAPS. I speficed my internal address and external then I restarted ISA but no matter what port scanner I used port 993 never displays as open. I am trying to get some users configured to access IMAP from a couple of PDA phones. I have never had a problem opening ports in ISA and am kinda confused as to what the desl with it is. Thanks Eddie Tag: Security Events for Event ID 529 Tag: 170109
  - 14
    - Moving from SBS 2000 to Server/Exchange 2003 Moving from SBS 2000 to Server/Exchange 2003. (On new Hardware) I am unable to find a Microsoft article on exactly how to do it. Does anyone know the steps involved? Here is where my research has led me so far: 1. Add the Server 2003 Box to the existing domain and make it a Domain Controller. 2. Add Exchange Server 2003 to the Current Exchange Organization. Question for 1 and 2: Do I have to run some prep utility to my current SBS 2000 System before I add the New 2003 server to the domain? I have found some info referencing that, but I don't know if it is needed. 3. Once the servers are connected, am I to transfer the e-mail boxes from one server to another? What is the utility called? 4. Transfer FSMO roles - I think I can handle this one. I'll continue my research, but if anyone can provide any additional assistance, I'd appreaciate it. P Tag: Security Events for Event ID 529 Tag: 170103
  - 15
    - Internet access for XP client when connected by VPN New client machine, recently upgraded to Windows XP, can no longer access the Internet while connected to our SBS 200 by VPN. Can someone suggest an answer or troubleshooting steps? Is the ISA Firewall client required? Many thanks. Tag: Security Events for Event ID 529 Tag: 170093
  - 16
    - Correct LAT settings? We've had a couple ISA messages in Event Viewer that the "routing table has changed." Situation is dual NIC SBS 2000 w/dynamic DNS and remote clients dialing in by VPN. Internal network is of the 10.0.0.0 variety, as it was with SBS 4.5. Do any of the following current LAT entries look suspicious or unnecessary? Should any be deleted? 10.0.0.0 - 10.0.0.255 10.0.0.0 - 10.255.255.255 10.0.0.2 - 10.0.0.2 10.255.255.255 - 10.255.255.255 169.254.0.0 - 169.254.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255 Thanks in advance. Tag: Security Events for Event ID 529 Tag: 170092
  - 17
    - Screen saver on server moves creeps along Hello, I'm not sure of when this started happening, but it's at least two months ago we started noticing that the screen saver on our server is moving very slowly and it takes a good 5-6 seconds before you can get control back after moving the mouse or pressing any key. The screen saver is a starfield simulation and it is set to move fast. I tested it in preview mode and it seems to work normally, yet when it activates after 5 minutes it just creeps along very slowly. We haven't made any changes to our system in months. Any help would be greatly appreciated. Tony Tag: Security Events for Event ID 529 Tag: 170091
  - 18
    - Terminal Services CALs I have SBS 2000 with 25 Windows CALs. The license says that these CALs cannot be used as Terminal Services CALs, except if the client machine is Windows 2000 Pro or Windows XP Pro. I then found that if you have internet type users accessing the server, then you will need the Internet Connector License. I have also read that if the external users are minimal, then the Internet Connector License is optional. What is the exact license setup for allowing internal users as well as minimal external users to connect through Terminal Services ? Microsoft's website states that the Windows 2003 External Connector License (ECL) has replaced the Internet Connector License. Will the ECL work on SBS 2000 ? Tag: Security Events for Event ID 529 Tag: 170084
  - 19
    - Moving from POP3 Mail to Microsoft Exchange Our organization currently uses POP3 e-mail, and the e-mail is stored in a Microsoft Exchange mail store. Under Tools / E-Mail Accounts, you can see two accounts - mail.company.com (our POP3 mail that is hosted by our ISP), and Microsoft Exchange Server. The POP3 mail is the default. The server is SBS 2000. I have ordered a 2003 Server with Exchange 2003. I'd like to move our e-mail to be hosted by our new server. We have the domain registered, but I guess DNS is pointing to our ISP right now. I am unsure exactly what to do to move our mail in-house. Does anyone know the steps, or can anyone point me in the right direction? Thanks P Tag: Security Events for Event ID 529 Tag: 170082
  - 20
    - Best Remote Acces method for SBS2000 We have an SBS2000 Server with 2NICS, STATIC IP, Linksys router (behind ISP's router/modem) with VPN capability, using ISA Server 2000, Exchange 2000. LAN users have Outlook 2002. We have a user that travels (desktop at work is XP Pro, travels with laptop using XP Pro)and would like to remotely access his desktop so that he can use Outlook and access data files on the server just as if he was at work. Currently he has Administrator rights on the LAN which for security reasons we plan on changing. Since it seems to be the preferred method for a case like this, can Remote Web Workplace work with SBS2000 or does it only work with SBS2003? Our we limited to using VPN only? Thanks! Tag: Security Events for Event ID 529 Tag: 170066
  - 21
    - Corrupt SYSVOL I have come to the conclusion that my SYSVOL files are corrupt, and the FRS service cannot start. Only now have I realised that I should be making System State backups. Is there a simple way to start again with a fresh SYSVOL set? The only resources I can find on the web suggests that I restore from another domain server, but this is SBS - there are no other servers. I'd be grateful for any ideas offered. Tag: Security Events for Event ID 529 Tag: 170064
  - 22
    - update issue Any help with 0x8007F004? I am unable to perform windows update on sbs 2000 even thogh I have full administrator rights and correct local policy security setting. I have also deleted wutemp, windowsupdate folder and windows update.log. Thanks, Paul, IS Mgr., Head Start Tag: Security Events for Event ID 529 Tag: 170058
  - 23
    - Microsoft Fax Connector Here's a good question: We have an SBS2k server running and on the same network, we use a HP3000 running MPE/iX. The HP has been emailing reports for the last year and does so wonderfully. My question: Must clients be running MS Fax services in order to utilize the fax software already installed on the Small Business Server? In otherwords, if I sent an email addressed to [fax:XXX-XXX-XXXX], would exchange/fax service pull that email and automatically fax it? Tag: Security Events for Event ID 529 Tag: 170053
  - 24
    - Outlook Web Access I am trying to enable Outlook web access. I am to the point where I am trying to enable access on the Virtual Server (Within Exchange System Manager), however when I try to open the properties it tells me I have to use the IIS Admin. I cannot find access/directory browsing anywhere in the IIS admin. We do not have a web site, do I need IIS admin? Please help. Tag: Security Events for Event ID 529 Tag: 170036
  - 25
    - SBS 2000 claims it's an eval copy? A client called this afternoon complaining that many of their users could not logon to the server (SBS 2000). Connected via TS and the server reports it is an Eval Copy. However it 'should' be a full version and has been running for a year and 14 days so even had it been installed using Eval media it would have given issues long ago surely? There are no errors in the event log that I can see, just the 'Evaluation version' text in the SBS MMC and a similar message if you attempt to launch the licencing applet. I know that you can easily upgrade an eval version using the full retail media but as I can't see how this server can have been installed using Eval media I'm wary of attempting this in case it makes matters worse! Any ideas gratefully received otherwise it's a call to PSS first thing. Darren Tag: Security Events for Event ID 529 Tag: 170035
- Next
  - 1
    - Preventing a user from accessing the desktop... We have a WIn2K3 terminal server user that is strictly a remote user - dialing in to access one application. I have the user configured on our windows 2000 SBS AD profile to run the particular app as soon as he logs in. (under the environment tab of the profile). THis hjas been working fine... Somehow this morning he got the desktop instead. I haven't figured out how yet and fortunately I trust this user and he let me know. It could have been much worse... How can I prevent this from happening? Is there a way to completely remove access to the desktop altogether so that this user would have received a message indicating they were unable to access the desktop?? Thanks, Brad Tag: Security Events for Event ID 529 Tag: 170033
  - 2
    - Web Forms Any trick to getting a web form to e-mail results under SBS2000, it keeps telling me that FPSE must be installed, they are and configured? Robert Tag: Security Events for Event ID 529 Tag: 170030
  - 3
    - Server Migration SBS 2000 to New Server Box Hi, This is a popular subject so I will relate what I've learned and just ask for comments / criticism re any oversights I have in my plan. Background: I have a new client with a SBS 2000 installation using ISA, Exchange, OWA, Trend antivirus, file sharing. His business has grown to 18 users. No second DC, no RAID, backup inconsistent, current server is an over-burdened AMD desktop PC with a lot of memory but misconfigured hard disks, and is a single point of failure. Running Health Monitor actually crashes server (all red marks!) Prior to my coming on-site, they purchased a new "server" (actually a P4 workstation class machine) to upgrade the facility but the previous provider couldn't figure out how to migrate. (Being used as print server presently!) At this point I am afraid to try to migrate him to SBS 2003 due to license costs, lack of immediate bang-for-buck for problems above. Perhaps the next phase after I am established as a consultant to his business. Plan - I will: 1. Configure RAID 1 on the new server. (Preformat with NTFS using WINPE environment?) 2. Install SBS 2000 on the new server. (How far? Use "fake" domain name?) Configure volumes like old server, but with appropriate sizes. 3. Install compatible backup device on old server. Do a full NTbackup of the existing SBS domain including file shares, Exchange & sysvol. (Can I backup to new "fake" SBS domain volume instead? Permission issues, with no domain trust relationship possible in SBS?) 4. Remove backup device from old server and install in new server (if network backup not possible.) 5. Reboot new server offline (or on isolated subnet?) and do Directory Services Restore Mode using backup of old server. New server now "thinks" it is DC for existing network. (Which password do I use for Restore Mode, old server or new?) 6. Configure network IP configurations on new server identical to old server. Shutdown. 7. Physically replace old server with new, network-wise (internal/external connections.) Take old server offline. 8. Reboot new server and test. Restore old server if new one has issues. 9. New server SBS elements work?! Install anti-virus server if OK. 10. Flush old server, upgrade processor and install new Windows 2000 Server Standard. 11. Add old server to domain as member server, then run DCPromo. Replicate AD. 12. Split off anti-virus server duties, add print services to second DC. 13. DFS for file shares? Thanks in advice for comments, any answers to questions you can provide. And Jeff Middleton, TIA for your swing method, but not in budget. As a private consultant, I have to spend time unpaid rather than buy stuff and charge clients. My time is both invaluable and valueless, as long as I still sleep once in a while. Tag: Security Events for Event ID 529 Tag: 170024
  - 4
    - Robotic Library Backup Does anyone know how to successfully schedule a backup with NTBACKUP using a robotic library? I have an autoloader and am having difficulty setting this up. I have read articles relating to Stand-Alone backup devices and have successfully managed to schedule four separate differential backups (the correct tapes are selected for Mon diff, Tues diff, etc) - these work perfectly but each backup consists of one tape only so media pools do not come into play. I have a Robotic library with 8 slots and would like to use the same 8 tapes every week in my full backup. How do i set the media pool up and schedule it so that the same tapes are selected each time?? Any help would be greatly appreciated. Tag: Security Events for Event ID 529 Tag: 170021
  - 5
    - Outlook Shutting Down Since Patch Installment Hello, On many, but not all, of my PCs, when the user opens Outlook, it shuts down after a few seconds. This started after I installed some patches on my server on Friday. I installed the following patches: Update Rollup for Exchange 2000 (KB870540) ISA Service Pack 2 Vulnerability in ISA Server 2000... (888258) It stands to reason that one of these patches caused the problem, but I am not sure. Has this happened to anyone? I appreciate the help. Thanks, Chris Tag: Security Events for Event ID 529 Tag: 170020
  - 6
    - ensuring user can not view the dektop... I have an AD terminal server user configured so that whenever they log on a program is automatically run. (othe only app they need to use). This also prevents them from seeing the desktop - because when they exit the app, the terminal server session is also ended. However, this morning, the user told me the startup app did not run and they were able to view the desktop.... I am not sure how or why this happened, so I simply want to assign a group policy that will not allow these user to even get to the desktop. Is this possible? Thanks, Brad Tag: Security Events for Event ID 529 Tag: 170017
  - 7
    - Win2K3 Backup DC not managing AD properly... We have a Win2K Small Business server and recently I added a Win2K3 DC into the mix. We had an issue this weekend where the Win2K SBS machine went down and the Win2K3 backup DC took over. I have a particular user AD account set up that is configured to automatically run a program when that user logs on - as opposed to showing them the desktop. I found out this morning from this user, that when they logged on early this morning (before the SBS machine was back up), that the desktop was displayed - and the app that is supposed to start up automatically at logon did not! Why would the backup domain controller not have made sure that the startup application listed in the "Environment" tab of the users AD profile not have run? This startup app is located on a completely different server - which was up and running no problem. The only other thig I can add is that this users is a terminal server user and all TS users use romaing profiles because we have two terminal servers that can connect to via load balancing. The default TS roaming profiles are located on the SBS server that was down. I can't see why this would have prevented the startup app from running though... Any help would be most appreciated!! Brad Tag: Security Events for Event ID 529 Tag: 170016
  - 8
    - Freeing space in SBS2003 Hello, I am running SBS2003 PRemium and am running out of hard drive space on my C drive. I will have this issue permanently sorted out once tech support for a SQL based application calls back but I need to free up some space right now. My disk cleanup is not coming on line after I choose the C drive so I need to delete some stuff manually. Is there any .tmp files that I should be afraid to try to delete? Any way to clean up anything else? I have no applications left that I can remove and have already moved data off the drive. Any help would be greatly appreciated. Thanks. Aaron Tag: Security Events for Event ID 529 Tag: 170012
  - 9
    - DHCP and RAS odd behavior I have noticed in my DHCP Address leases that there are many leases to a unique called 'RAS". It is taking up around 10 leases at any given time. There are no users that connect via VPN, although there are 4 that connect via Terminal Services. Does anyone know why I am seeing so many RAS DHCP leases? Thanks PM Tag: Security Events for Event ID 529 Tag: 170011
  - 10
    - << Small Biz News the week of January 23>> Song of the week news://msnews.microsoft.com/uowkBZMAFHA.2104@TK2MSFTNGP14.phx.gbl [why do I get an image of flying Elvis's?] If you are using a POP connector in SBS 2003 to pull email PATCH IT www.sbslinks.com/popconnector.htm --------------------------------- Blogs of note TAZ on Exchange webcasts http://www.taznetworks.com/rss/2005/01/exchange-webcast-for-small-office.html Small businesses starting their own trade associations http://www.smallbusinesses.blogspot.com/2005/01/small-businesses-need-dedicated-trade.html Marketing tips http://www.smallbusinesses.blogspot.com/2005/01/marketing-tips.html Almost 1/2 have viruses http://securityawareness.blogspot.com/2005/01/almost-half-home-computer-users-fall.html Gates as a Pin up? http://blog.seattlepi.nwsource.com/microsoft/archives/004180.html?wbfrom=rss SeanDaniel.com - why we shouldn't run the Security Configuration Wizard on our boxes http://seanda.blogspot.com/2005/01/security-why-wait-for-sbs-sp1.html PDC is starting to heat up http://www.jeffsandquist.com/PermaLink,guid,002448d6-c783-4379-aa69-e975d5d6ec51.aspx The buzz on Firefox http://www.micropersuasion.com/2005/01/firefox_nation.html Need IT resources? http://thenorwichgroup.blogs.com/fieldnotes/2005/01/sbs_it_consulta.html Microsoft's email culture http://johnporcaro.typepad.com/blog/2005/01/microsofts_emai.html SBS Knowledge base articles of interest: http://msmvps.com/bradley/archive/2005/01/23/33708.aspx --------------------------------- In other news Technician Sentenced in Thefts of IDs A computer technician who prosecutors say touched off the largest identity theft in U.S. history was sentenced to 14 years in prison Tuesday by a judge who said the damage he caused was "almost unimaginable." Philip A. Cummings, 35, of Cartersville, Ga., a former help-desk worker for a Hauppauge, N.Y., software company, apologized before U.S. District Judge George B. Daniels imposed the sentence in New York. http://news.zdnet.com/2100-1009_22-5533554.html http://www.latimes.com/technology/la-fi-idtheft12jan12,1,75957.story http://www.theregister.co.uk/2005/01/12/grand_theft_id/ - - - - - - - - - - T-Mobile: Hacker had limited access Mobile-phone carrier T-Mobile has acknowledged that an online attacker gained access to its network, but denied reports that the criminal had the run of its network and broadly threatened its http://news.zdnet.com/2100-1009_22-5534323.html http://www.msnbc.msn.com/id/6818785/ http://www.usatoday.com/tech/news/computersecurity/hacking/2005-01-12... - - - - - - - - - - Double trouble from Symbian virus Virus writers have created a mobile phone worm theoretically capable of spreading via either Bluetooth or by attaching itself to files. The use of two spreading tactics by Lasco-A is common in the world of Windows viruses but previously unheard of in mobile phones. http://www.theregister.co.uk/2005/01/12/lasco_symbian_virus/ - - - - - - - - - - Gmail glitch yields access to messages A problem with Google's e-mail service, Gmail, let any user query the company's servers for information on the last message sent, two hackers announced on Wednesday. The programmers, part of a community site dedicated to the Unix-like FreeBSD operating system, found that an improperly formatted address allowed Gmail users to retrieve the message body of the last HTML- formatted e-mail processed by the server. http://news.zdnet.com/2100-1009_22-5534210.html - - - - - - - - - - Apple fixes flaw with iTunes update Apple on Tuesday released an update of its iTunes software to address a vulnerability that could cause earlier versions to crash and execute arbitrary code. http://news.zdnet.com/2100-1009_22-5533750.html - - - - - - - - - - Microsoft Issues Patches for Critical Flaws The latest Windows vulnerabilities are serious in that hackers can get malicious code to execute on PC without user interaction, says Russ Cooper of security firm TruSecure. "The worst is the HTML Help ActiveX vulnerability, because it is the stealthiest." http://www.newsfactor.com/story.xhtml?story_title=Microsoft-Issues-Pa... http://www.usatoday.com/tech/news/computersecurity/hacking/2005-01-11... New holes threaten media players http://computerworld.com/securitytopics/security/story/0,10801,98899,... - - - - - - - - - - Cybersecurity czar call renewed Congressional representatives are trying again to create a cybersecurity position within the Homeland Security Department's Information Analysis and Infrastructure Protection Directorate. http://www.fcw.com/fcw/articles/2005/0110/web-czar-01-11-05.asp Yet another cybersecurity chief steps down http://news.zdnet.com/2100-1009_22-5534064.html http://www.gcn.com/vol1_no1/daily-updates/34807-1.html - - - - - - - - - - 'Anti-phishing' verbal signatures get thumbs up With phishing attacks on the increase there has been growing support for the introduction of 'verbal signatures' for two-way authentication between banks and their customers, as suggested by silicon.com. http://software.silicon.com/security/0,39024655,39127007,00.htm - - - - - - - - - - Securing data from the threat within A company's biggest security threat isn't the sinister hacker trying to break into the corporate network, but employees and partners with easy access to company information. http://www.crime-research.org/news/12.01.2005/893/ - - - - - - - - - - Computer, physical security expected to merge Companies will increasingly integrate physical and computer security systems in 2005, spending over $1 billion in the United States and Europe, Forrester Research concluded in a report published this week. http://news.zdnet.com/2100-1009_22-5534312.html - - - - - - - - - - RFID : ID'ing the Players RFID is an unproven, unstandardized technology for supply chain usage. EPC Global (Electronic Product Code), a spin-off of the UCC (Uniform Code Council), recently ratified a standard for tags, but everything else is still in a state of emerging chaos. http://www.newsfactor.com/story.xhtml?story_title=RFID---ID-ing-the-P... - - - - - - - - - - Nefarious characters roam the wild, wild Web The Internet gives millions of people faster access to more information than at any time in human history. A few mouse clicks enables online users to buy a best-selling book, bid on baseball memorabilia or book a flight to Bora Bora. http://www.crime-research.org/news/12.01.2005/894/ -- An open letter to the Security Community:: http://msmvps.com/bradley/archive/2004/12/12/23540.aspx Tag: Security Events for Event ID 529 Tag: 170006
  - 11
    - POP3 mail Hi, We have a new server which operates on a single externally hosted global pop3 catchall account. The server is downloading mail from the pop3 server but is not distributing the mail to our users. Any suggestions would be gratefully appreciated as the staff expect to have full email functionality by tomorrow morning. Thanks in advance David Tag: Security Events for Event ID 529 Tag: 169999
  - 12
    - Is it a part of Windows 2003? I know Windows 2003 has four editions.But one of my friends were telling that Small Business Server 2003 is also a part of Windows 2003 i.e. the fifth edition.Is it true? Tag: Security Events for Event ID 529 Tag: 169995
  - 13
    - Help! Mirror boots only from floppy Trying to move a functioning SBS 2000 onto a new (larger) hard drive. No problem, right? Just insert the new drive and build a mirror from Disk Manager. Then power down, remove the power cable from the original drive and power up. No boot. If I copy the boot files onto a floppy, the drive boots fine. I've verified that the files are indeed present on the hard drive, and the floppy's boot.ini actually works unaltered. What am I missing? If it boots from the floppy, boot.ini unaltered, it should be something wrong with the MBR, no? (unusual side note: booting from CD into the Recovery Console shows winnt as being drive "F" instead of "C" like I would have thought. Running fixboot and fixmbr has no effect. Booting into Windows from the floppy and looking at Disk Mgr shows "C" and "E" like they should be, and reports no problems.) Thanks for any insight...this problem is getting old fast. Tag: Security Events for Event ID 529 Tag: 169992
  - 14
    - Forcing user logoff How can I force a user logoff & close open files? I have a user that insists on leaving files open at night. I have open files option running on the backup, but the user's system crashes periodically because he leaves documents open for weeks at a time. I think that forcing him to log on once a day at least may resolve the problem. Setting the Logon Hours (denied 12:00 - 1:00 am) through AD did not seem to help; it appears to deny logon during those hours, but not force the user off. Tag: Security Events for Event ID 529 Tag: 169989
  - 15
    - Song of the Week - Jan 22, 2005 This is a multi-part message in MIME format. ------=_NextPart_000_0006_01C5009C.6044D8B0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I was in Las Vegas this past week for a conference. I attended my first = Vegas wedding (our office manager, Laura, got married while out there), = saw 10 singing Elvis (does that make it an Elvii??), and a spectaculor = impersonation and show of the Blues Brothers. All of the music and = entertainment got me to think about how things are still the same, even = though we change. The one constant is our ability to show love, and = receive love - that will change the world! So, let's go back to a song made famous by the Three Dog Night, and = written by Paul Williams: Just An Old Fashioned Love Song aka: Just An Old Fashioned Program WAV: = http://www.geocities.com/thejunction27/justanoldfashionedlovesongthreedog= night.wav MIDI: http://wilstar.com/midi/justanoldfashionedlovesong.htm Just an old fashioned program, running on my new PC And wrapped around the software are the legal words that promises I'll = never see You'll swear you've heard it before as you slowly load the disks=20 No need in registering now, 'cause they've never send a fix ... Just an old fashioned program Written back in nineteen hundred and eighty-three Just an old fashioned program One I'm sure they wrote for the Apple III To run our code on it, and wait to see just how much time it really = takes To underscore our love affair with cr*ppy code and programs that we know = will break You'll swear you've heard it before as I slowly ramble on=20 No need in fixing it now, 'cause the patches all are gone Just an old fashioned program Running now on very slow Pentium III's Just an old fashioned program One I'm sure they wrote for you and me --=20 Kevin Weilbacher [SBS-MVP] "The days pass by so quickly now, the nights are seldom long" ------=_NextPart_000_0006_01C5009C.6044D8B0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff background=3D""> <DIV><FONT face=3DArial size=3D2>I was in Las Vegas this past week for a = conference.=20 I attended my first Vegas wedding (our office manager, Laura, got = married while=20 out there), saw 10 singing Elvis (does that make it an Elvii??), and a=20 spectaculor impersonation and show of the Blues Brothers. All of the = music and=20 entertainment got me to think about how things are still the same, even = though=20 we change. The one constant is our ability to show love, and receive = love - that=20 will change the world!<BR><BR>So, let's go back to a song made famous by = the=20 Three Dog Night, and written by Paul Williams:<BR><BR>Just An Old = Fashioned Love=20 Song<BR>aka: Just An Old Fashioned Program<BR>WAV: <A=20 href=3D"http://www.geocities.com/thejunction27/justanoldfashionedlovesong= threedognight.wav">http://www.geocities.com/thejunction27/justanoldfashio= nedlovesongthreedognight.wav</A></FONT></DIV><FONT=20 face=3DArial size=3D2> <DIV>MIDI: <A=20 href=3D"http://wilstar.com/midi/justanoldfashionedlovesong.htm">http://wi= lstar.com/midi/justanoldfashionedlovesong.htm</A></DIV> <DIV><BR><BR>Just an old fashioned program, running on my new PC</DIV> <DIV>And wrapped around the software are the legal words that promises = I'll=20 never see</DIV> <DIV>You'll swear you've heard it before as you slowly load the disks = </DIV> <DIV>No need in registering now, 'cause they've never send a fix = ...<BR></DIV> <DIV>Just an old fashioned program</DIV> <DIV>Written back in nineteen hundred and eighty-three</DIV> <DIV>Just an old fashioned program</DIV> <DIV>One I'm sure they wrote for the Apple III</DIV> <DIV> </DIV> <DIV>To run our code on it, and wait to see just how much time it really = takes</DIV> <DIV>To underscore our love affair with cr*ppy code and programs that we = know=20 will break</DIV> <DIV>You'll swear you've heard it before as I slowly ramble on </DIV> <DIV>No need in fixing it now, 'cause the patches all are gone</DIV> <DIV> </DIV> <DIV>Just an old fashioned program</DIV> <DIV>Running now on very slow Pentium III's</DIV> <DIV>Just an old fashioned program</DIV> <DIV>One I'm sure they wrote for you and me<BR><BR>-- <BR>Kevin = Weilbacher=20 [SBS-MVP]<BR>"The days pass by so quickly now, the nights are seldom=20 long"</FONT></DIV></BODY></HTML> ------=_NextPart_000_0006_01C5009C.6044D8B0-- Tag: Security Events for Event ID 529 Tag: 169988
  - 16
    - problems with WIn2K3 domain controller I recently dcpromo'd our Win2K3 server to a domain controller. It now acts as a backup for our Win2K Small Business Server . This win2K3 server also has Veritas backup software installed and is our backup server primarily - and now a backup DC. Ever since it has been a backup DC, the backup jobs have had problems. I am wondering if it has to do with the refreshing of the active dir from teh primary DC. Where can I set/change the refresh of the active driectory on my backup domain controller? Thanks, Brad Tag: Security Events for Event ID 529 Tag: 169980
  - 17
    - Upgrading We currently have two SBS 2000 servers. One really needs to be updated, the other not so much. Besides SBS 2003 is there another version coming out, if so when? -- Dave Tag: Security Events for Event ID 529 Tag: 169976
  - 18
    - Panda AdminSecure ISA I recently installed Panda AdminSecure verson 3.02 on my SBS 2000 server. Panda has a virus signature repository on the server which it frequently updates from it's website. The problem I have is that ISA is blocking the automatic updates from accessing the internet. If I enable the "Allow all" protocol rule in ISA the update works correctly. Does anyone know the correct way to configure ISA so these updates work properly? Thanks, Don Tag: Security Events for Event ID 529 Tag: 169971
  - 19
    - OT: The best book I've ever read All this talk of Microsoft gets a bit dull. I read "Morris Telford- A Salopian Odyssey" recently and it made me realise there's more to life than attempting to gain access to domain controllers or enabling VPN on servers. Greta xxx Tag: Security Events for Event ID 529 Tag: 169968
  - 20
    - SBS2K-Hard Drive Space very Low. Need advice Good morning, I am running a PowerEdge 2500 Raid 5 on a back plane. 67 GIG drives. Of course the root partician was 8 GIG during the install. Is there a method of enlarging the drive space on the root partician? I have plenty of space on the other partician. I really need help on this matter. Michael Tag: Security Events for Event ID 529 Tag: 169967
  - 21
    - Implementing External RAID Hello, SBS2K. I am thinking about implementing a RAID system for my server. I need to install something external because of the lack of room inside of the machine. I am not looking for a lot of storage, simply about 80GB or so. Also, since my office is so small, if the costs are too great, I am willing to punt on hot swappable part. What I am asking is what type of issues do I need to be looking at? I need to learn all of the different specifications and what each is for. Basically, I would like to know if anyone has any sites, etc that explain how to evaluate different RAID systems as well as recommendations on how to install them. Thanks, Chris Tag: Security Events for Event ID 529 Tag: 169966
  - 22
    - Unable to allow OWA via the ICW When I re-run the ICW, the tick boxes to allow internet users access to my "web based mail server" are greyed out. Consequently users cannot use OWA remotely. I can use OWA internally however. Anybody any idea why they are greyed out ? This does not occur on any of my other SBS 2K sites. TIA Gary Tag: Security Events for Event ID 529 Tag: 169965
  - 23
    - Logon Failure: the target account name is incorrect I have a customer running SBS2003 at the root of a domain with a win 2000 server across a VPN running active directory in the same domain as a global catalog server. The problem is when you try to access the SBS2003 server from the end with the win 2000 server (either a mapped drive or through network neibourehood) you get the error â??LOGON FAILURE: THE TARGET ACCOUNT NAME IS INCORRECTâ?? Both servers are logged on as administrator (the same active directory account) Also when clients in the SBS2003 end try to access other clientâ??s outlook calendars They get an error unable to connect to exchange server. A reboot used to fix these problems, but not any more! Active directory policies have been left Totally as standard. Can any one help me with this? Thanks Lex Tag: Security Events for Event ID 529 Tag: 169962
  - 24
    - Multi-homed Setup SBS2000 {This is an x-post. I have no idea how to link it to my other post which is 4 days dead with no replies. I'm assuming that at this point an x-post is allowed though not endorsed.} Hi, I'm trying to setup a development instance of a clients full fledged multi-home server in Windows 2000 Small Business Server. It's a multi-homed server and no matter what I do I cannot get around IP address conflicts on the WAN adapter. Can someone explain to me how to get around this portion of setup succesfully. I thought I understood networking and SBS but this step is tearing my head off. I'm wondering if the problem is that I statically address the WAN NIC before I start the installation. Should I leave all NIC's as DHCP Clients and let the Wizard tell me what to do? - Rex Tag: Security Events for Event ID 529 Tag: 169948
  - 25
    - Two questions First question: How do I add this newsgroup into Outlook? I've tried by following the direction I saw on one of Microsoft's webpages, but it didn't work. Second question: Which site(s) do I need to go to in order to check if there are any patches/upgrades that may need to be installed for the SBS2K server? Thanks for the answers in advance! Torrey Lauer Modern Travel Services www.nospam.moderntravel.net Milwaukee, WI Tag: Security Events for Event ID 529 Tag: 169940

Hi all,

I have a client getting the following Event ID 529 in the Security Event
log.

Reason: Unknown user name or bad password
User Name: asdasd
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: <servername>
Caller User Name: <servername>$
Caller Domain: <domainname>
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 808
Transited Services: -
Source Network Address: -
Source Port: -

This error is happing once every few seconds. I believe they have someone
trying to hack in. I need to know how to tell if it's coming from inside or
outside and how I can help minimize the risk. The username changes to all
manner of combinations. I definitely looks like a hack attempt. We are using
a strong password on the server and I believe we have all non-essential
ports closed.

All help is appreciated,

Lesa

Top

Re: Security Events for Event ID 529 - Posted in the wrong newsgroup by Lesa

Lesa
Thu Jan 27 10:08:01 CST 2005

Sorry,

I just realized I posted this in the wrong newsgroup!

Lesa H.

"Lesa H." <notrealRolypolylesa@hotmail.com> wrote in message
news:eWq9fy9AFHA.3592@TK2MSFTNGP09.phx.gbl...
> Hi all,
>
> I have a client getting the following Event ID 529 in the Security Event
> log.
>
> Reason: Unknown user name or bad password
> User Name: asdasd
> Domain:
> Logon Type: 3
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: <servername>
> Caller User Name: <servername>$
> Caller Domain: <domainname>
> Caller Logon ID: (0x0,0x3E7)
> Caller Process ID: 808
> Transited Services: -
> Source Network Address: -
> Source Port: -
>
>
> This error is happing once every few seconds. I believe they have someone
> trying to hack in. I need to know how to tell if it's coming from inside
or
> outside and how I can help minimize the risk. The username changes to all
> manner of combinations. I definitely looks like a hack attempt. We are
using
> a strong password on the server and I believe we have all non-essential
> ports closed.
>
> All help is appreciated,
>
> Lesa
>
>

Top