Security Log EventID's

  • Security Log EventID's

    We have an XP Pro (SP2) machine that is joined to a Windows 2003 domain. We have 2 local DCs, both running AD-integrated DNS, and a 3rd DC offsite on the same subnet. We've noticed that the security event log on this PC shows other user names along with the name of the person who regularly uses this machine. What does this mean in regards to security? Could this mean that the other user who shows up in this security log tried to log in to this PC?

    On the same machine we've noticed in the application log that we're getting 1030 Userenv events. When researching this error, it states that the machine cannot query the list of GP objects. We do not have any group policies set on our Windows 2003 domain, other than the default domain and domain controller policy. Nothing was modified in either of these policies.

    In the system log, event 40961 is occurring quite a bit. It states that "The Security System could not establish a secured connection with the server ldap/domainController.domain.local/ " (domaincontroller and domain.local are an example of what the log looks like).
    The domain controller this log is referencing is our 3rd DC that is in our remote location. The properties of the NIC card on the XP workstation are set to point to our primary DC and secondary DC for DNS resolution locally.
    Why would this log appear trying to establish a secured session with a remote domain controller?

  • #2
    Re: Security Log EventID's

    The answers in here might help.


    • #3
      Re: Security Log EventID's

      Since writing this post, we have figured out that events 1030 and 40961 can be corrected by applying SP3 for Windows XP.

      But we're still having a hard time figuring out why other usernames would be showing up in a specific PC's security log when other users have no reason to access this XP machine. Applying SP3 might solve this issue, but I wanted to see if anyone else out there has experienced this problem.