Event submitted by Shavelieva
Event ID:
529
Source:
Security
Category:
Logon/Logoff

Message:
Logon Failure:
Reason: Unknown user name or bad password
User Name: FIRST LAST
Domain: USER-PC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: USER-PC
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 0.0.0.0
Source Port: 0




System32 Reference




Solution by Event Log Doctor

2013-02-21 18:34:55 UTC

Event 529 is logged on Windows Server 2003 (and earlier) hosts when a user attempts to login with an invalid username and/or password. The event is logged on the host where the attempted logon attempt took place.

"Logon Type" depicts the type of logon which occurred:

2: Interactive (physical logon)
3: Network
4: Batch (scheduled task executed under this user)
5: Service (service runs under this user)
7: Unlock (workstation/server was unlocked)
8: NetworkClearText (usually used with IIS)
9: NewCredentials (allows cloning of token)
10: RemoteInteractive (RDP, terminal services, remote assistance logons)
11: CachedInteractive (logons when domain is unavailable, e.g. from laptops)
12: CachedRemoteInteractive
13: CachedUnlock

The "Source Network Address" shows the IP address from which the logon originated, usually 127.0.0.1 when the logon was a logon type 2. For remote desktop sessions, this will show the IP address of the remote host from which the RDP connection is coming.



User Information
 
Only an Email address is required for returning users.

Hide Name

Solution

Additional Links