Just curious if anyone has run across this before. Labtech is reporting that there are failed logins being reported on the Primary DC. Full ticket details are below. I found this for Logon Type 3:
Logon Type 3 – Network
Windows logs logon type 3 in most cases when you access a computer from elsewhere on the network. One of the most common sources of logon events with logon type 3 is connections to shared folders or printers. But other over-the-network logons are classed as logon type 3 as well such as most logons to IIS. (The exception is basic authentication which is explained in Logon Type 8 below.)
I also found this definition for NtLmSsp: NTLMSSP (NT LAN Manager Security Support Provider) is a security support provider that is available on all versions of DCOM.
I'm not entirely sure, but it /seems/ like perhaps someone is trying to access a share on his machine? It seems like an automatic process. I can't find anything in any of the logs of that laptop that correspond to the times listed in the security log on the domain controller.
Any suggestions would be greatly appreciated.
Found Failed Logins: Logon Failure:
Reason: Unknown user name or bad password
User Name: Robin
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: ROBINDELLLAPTOP
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.169
Source Port: 60105
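
One way to triage a batch of these ticket records, as an added example (not part of the original post and not LabTech code): it parses the ticket's field layout, groups failures by user, workstation name and source address, and lists workstation names reported from more than one address. Only the first sample row comes from the ticket; the other rows and all function names are constructed.

```python
import re
from collections import Counter
# Constructed sample in the ticket's layout. Row 1 uses the values from the
# ticket above; rows 2 and 3 are made up for illustration.
TEMPLATE = """Found Failed Logins: Logon Failure:
User Name: Robin
Logon Type: 3
Logon Process: NtLmSsp
Workstation Name: {ws}
Caller User Name: -
Source Network Address: {ip}
Source Port: {port}
"""
SAMPLE_TICKET = "".join(TEMPLATE.format(ws=w, ip=i, port=p) for w, i, p in [
    ("ROBINDELLLAPTOP", "192.168.0.169", 60105),
    ("ROBINDELLLAPTOP", "192.168.0.169", 60111),
    ("ROBINDELLLAPTOP", "192.168.0.200", 60200),
])
FIELD_RE = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_failures(text):
    """Return one dict per 'Logon Failure:' record, skipping '-' (empty) fields."""
    records = []
    for chunk in text.split("Logon Failure:")[1:]:
        rec = {}
        for line in chunk.splitlines():
            m = FIELD_RE.match(line)
            if m and m.group(2).strip() not in ("", "-"):
                rec[m.group(1).strip()] = m.group(2).strip()
        if rec:
            records.append(rec)
    return records

def summarize(records):
    """Count failures per (user, workstation name, source address, logon type)."""
    return Counter((r.get("User Name"), r.get("Workstation Name"),
                    r.get("Source Network Address"), r.get("Logon Type"))
                   for r in records)

def name_address_mismatches(records):
    """Workstation names (client-supplied in NTLM) seen from several addresses."""
    seen = {}
    for r in records:
        seen.setdefault(r.get("Workstation Name"), set()).add(r.get("Source Network Address"))
    return {ws: sorted(ips) for ws, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    recs = parse_failures(SAMPLE_TICKET)
    print(summarize(recs), name_address_mismatches(recs))
```

The source address is what the server observed for the connection, so it is the field to match against DHCP leases or switch tables when the named workstation's own logs show nothing.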