MSAlways

Hello, When I looked at the 2003 Server's Security Event Log, I saw loads of Event IDs 529 and 680, and the occasional 560. All of these are happening at times when the server is supposed to be inactive (ie early morning hours when I don't expect anyone to be accessing the server). After some searching on the Internet, looks like they were related to a previous Windows bug which should have been fixed with the latest updates we've applied already. However, it's still showing up and I'm not quite sure what to make out of it...... Any ideas? This apparently is causing some Kerberos authentication issues with my SQL Server Reporting Services website running on the server, resulting in either slow authentication or failure to authenticate. Previously this has been worked around by forcing the server to only work with NTLM. When we reverted it back to the default setting (ie to use Kerberos first if available), it worked fine for about a week or so until now. If anyone has any ideas, can you please shed some light? Thanks. Event ID 680 Event Type: Failure Audit Event Source: Security Event Category: Account Logon Event ID: 680 Date: 3/27/2009 Time: 10:32:40 AM User: NT AUTHORITY\SYSTEM Computer: host00032 Description: Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: ###ISS### Source Workstation: GVMHKHKGR4SC01 Error Code: 0xC0000064 Event ID 529 Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 3/27/2009 Time: 10:32:40 AM User: NT AUTHORITY\SYSTEM Computer: host00032 Description: Logon Failure: Reason: Unknown user name or bad password User Name: ###ISS### Domain: ##ISS## Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: GVMHKHKGR4SC01 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 172.28.167.32 Source Port: 0 Event ID 560 Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 3/27/2009 Time: 10:32:40 AM User: NT AUTHORITY\ANONYMOUS LOGON Computer: host00032 Description: Object Open: Object Server: Security Account Manager Object Type: SAM_SERVER Object Name: SAM Handle ID: - Operation ID: {0,55968296} Process ID: 424 Image File Name: C:\WINNT\system32\lsass.exe Primary User Name: host00032$ Primary Domain: APAC Primary Logon ID: (0x0,0x3E7) Client User Name: ANONYMOUS LOGON Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x356020E) Accesses: EnumerateDomains LookupDomain Privileges: - Restricted Sid Count: 0 Access Mask: 0x30