Windows 2003 Error need help

Windows 2003 R2 Standard Dc Server SP2
IIS6 with FTP installed

I keep getting this event over and over

Event Type: Warning
Event Source: MSFTPSVC
Event Category: None
Event ID: 100
Date: 3/11/2009
Time: 1:23:57 PM
User: N/A
Computer: TGCS002
Description:
The server was unable to logon the Windows NT account 'Administrator' due to
the following error: Logon failure: unknown user name or bad password. The
data is the error code.



For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2e 05 00 00 ....



Any ideas on why I am getting this?



Thanks



Tom

Probably some service was configured to run with the admin account and the
password expired or was changed.


--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


"Thomas R Grassi Jr" wrote:
> Windows 2003 R2 Standard Dc Server SP2
> IIS6 with FTP installed
>
> I keep getting this event over and over
>
> Event Type: Warning
> Event Source: MSFTPSVC
> Event Category: None
> Event ID: 100
> Date: 3/11/2009
> Time: 1:23:57 PM
> User: N/A
> Computer: TGCS002
> Description:
> The server was unable to logon the Windows NT account 'Administrator' due
> to
> the following error: Logon failure: unknown user name or bad password.
> The
> data is the error code.
>
>
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
> Data:
> 0000: 2e 05 00 00 ....
>
>
>
> Any ideas on why I am getting this?
>
>
>
> Thanks
>
>
>
> Tom
>
>

DAve thanks for responding

Do you mean the administrator userid account?
I only have two services starting up with that account and they are online
and working. I even stopped the service and restarted the service and they
started. I know that is not a good practice but I need to do that I am not
overly woried about the security issue at this point just need things to
work if you know what I mean.

I have googled this error even on eventid site and nothing seems to fit. It
is very stange. Currently I have the FTP service stopped. By the way the FTP
service is starting with Local System Account the same as a lot of other
services.

Any other thoughts?

Thanks

Tom
"Dave Patrick" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Probably some service was configured to run with the admin account and the
> password expired or was changed.
>
>
> --
>
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft Certified Professional
> Microsoft MVP [Windows]
> http://www.microsoft.com/protect
>
>
> "Thomas R Grassi Jr" wrote:
>> Windows 2003 R2 Standard Dc Server SP2
>> IIS6 with FTP installed
>>
>> I keep getting this event over and over
>>
>> Event Type: Warning
>> Event Source: MSFTPSVC
>> Event Category: None
>> Event ID: 100
>> Date: 3/11/2009
>> Time: 1:23:57 PM
>> User: N/A
>> Computer: TGCS002
>> Description:
>> The server was unable to logon the Windows NT account 'Administrator' due
>> to
>> the following error: Logon failure: unknown user name or bad password.
>> The
>> data is the error code.
>>
>>
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>> Data:
>> 0000: 2e 05 00 00 ....
>>
>>
>>
>> Any ideas on why I am getting this?
>>
>>
>>
>> Thanks
>>
>>
>>
>> Tom
>>
>>
>
>

You might review these ones or try asking them here.
microsoft.public.inetserver.iis.ftp

http://support.microsoft.com/default...b;en-us;323384
http://support.microsoft.com/default...b;en-us;285806



--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect


"Thomas R Grassi Jr" wrote:
> DAve thanks for responding
>
> Do you mean the administrator userid account?
> I only have two services starting up with that account and they are online
> and working. I even stopped the service and restarted the service and they
> started. I know that is not a good practice but I need to do that I am not
> overly woried about the security issue at this point just need things to
> work if you know what I mean.
>
> I have googled this error even on eventid site and nothing seems to fit.
> It is very stange. Currently I have the FTP service stopped. By the way
> the FTP service is starting with Local System Account the same as a lot of
> other services.
>
> Any other thoughts?
>
> Thanks
>
> Tom
> "Dave Patrick" <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
>> Probably some service was configured to run with the admin account and
>> the password expired or was changed.
>>
>>
>> --
>>
>> Regards,
>>
>> Dave Patrick ....Please no email replies - reply in newsgroup.
>> Microsoft Certified Professional
>> Microsoft MVP [Windows]
>> http://www.microsoft.com/protect
>>
>>
>> "Thomas R Grassi Jr" wrote:
>>> Windows 2003 R2 Standard Dc Server SP2
>>> IIS6 with FTP installed
>>>
>>> I keep getting this event over and over
>>>
>>> Event Type: Warning
>>> Event Source: MSFTPSVC
>>> Event Category: None
>>> Event ID: 100
>>> Date: 3/11/2009
>>> Time: 1:23:57 PM
>>> User: N/A
>>> Computer: TGCS002
>>> Description:
>>> The server was unable to logon the Windows NT account 'Administrator'
>>> due to
>>> the following error: Logon failure: unknown user name or bad password.
>>> The
>>> data is the error code.
>>>
>>>
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>> Data:
>>> 0000: 2e 05 00 00 ....
>>>
>>>
>>>
>>> Any ideas on why I am getting this?
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> Tom
>>>
>>>
>>
>>
>
>

Dave

Thanks for the info

Yes I did post this on the FTP NG but none evers responds on it

This NG is much better


I already did review those KB articles But I will revierw them again thanks.

thanks

tom
"Dave Patrick" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> You might review these ones or try asking them here.
> microsoft.public.inetserver.iis.ftp
>
> http://support.microsoft.com/default...b;en-us;323384
> http://support.microsoft.com/default...b;en-us;285806
>
>
>
> --
>
> Regards,
>
> Dave Patrick ....Please no email replies - reply in newsgroup.
> Microsoft Certified Professional
> Microsoft MVP [Windows]
> http://www.microsoft.com/protect
>
>
> "Thomas R Grassi Jr" wrote:
>> DAve thanks for responding
>>
>> Do you mean the administrator userid account?
>> I only have two services starting up with that account and they are
>> online and working. I even stopped the service and restarted the service
>> and they started. I know that is not a good practice but I need to do
>> that I am not overly woried about the security issue at this point just
>> need things to work if you know what I mean.
>>
>> I have googled this error even on eventid site and nothing seems to fit.
>> It is very stange. Currently I have the FTP service stopped. By the way
>> the FTP service is starting with Local System Account the same as a lot
>> of other services.
>>
>> Any other thoughts?
>>
>> Thanks
>>
>> Tom
>> "Dave Patrick" <(E-Mail Removed)> wrote in message
>> news:%(E-Mail Removed)...
>>> Probably some service was configured to run with the admin account and
>>> the password expired or was changed.
>>>
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Dave Patrick ....Please no email replies - reply in newsgroup.
>>> Microsoft Certified Professional
>>> Microsoft MVP [Windows]
>>> http://www.microsoft.com/protect
>>>
>>>
>>> "Thomas R Grassi Jr" wrote:
>>>> Windows 2003 R2 Standard Dc Server SP2
>>>> IIS6 with FTP installed
>>>>
>>>> I keep getting this event over and over
>>>>
>>>> Event Type: Warning
>>>> Event Source: MSFTPSVC
>>>> Event Category: None
>>>> Event ID: 100
>>>> Date: 3/11/2009
>>>> Time: 1:23:57 PM
>>>> User: N/A
>>>> Computer: TGCS002
>>>> Description:
>>>> The server was unable to logon the Windows NT account 'Administrator'
>>>> due to
>>>> the following error: Logon failure: unknown user name or bad password.
>>>> The
>>>> data is the error code.
>>>>
>>>>
>>>>
>>>> For more information, see Help and Support Center at
>>>> http://go.microsoft.com/fwlink/events.asp.
>>>> Data:
>>>> 0000: 2e 05 00 00 ....
>>>>
>>>>
>>>>
>>>> Any ideas on why I am getting this?
>>>>
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>> Tom
>>>>
>>>>
>>>
>>>
>>
>>
>
>

In news:%23IWSO$(E-Mail Removed),
Thomas R Grassi Jr <(E-Mail Removed)>, posted the following:
> Windows 2003 R2 Standard Dc Server SP2
> IIS6 with FTP installed
>
> I keep getting this event over and over
>
> Event Type: Warning
> Event Source: MSFTPSVC
> Event Category: None
> Event ID: 100
> Date: 3/11/2009
> Time: 1:23:57 PM
> User: N/A
> Computer: TGCS002
> Description:
> The server was unable to logon the Windows NT account 'Administrator'
> due to the following error: Logon failure: unknown user name or bad
> password. The data is the error code.
>

Hi Thomas,

I see these often when an active, Internet-facing FTP server is running.
Many pubsters (FTP pirates) will scan public IPs for FTP services that
respond on the default ports. When they find one, they amass attacks to try
to get in, one of which is a dictionary attack. One of the user names they
use in a dictionary attack is the common Windows administrator account. It
is actually recommended to change the administrator account name, but many
don't. No big deal, sometimes I don't either. But when you see these,
someone is knocking trying to get in. If you don't need FTP services,
disable the service or remove it in Add/Remove, Windows Components.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer
(E-Mail Removed)

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

The error 100 is still happening over and over again

This makes no sense

Need help on this one

thanks

Tom
"Thomas R Grassi Jr" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Dave
>
> Thanks for the info
>
> Yes I did post this on the FTP NG but none evers responds on it
>
> This NG is much better
>
>
> I already did review those KB articles But I will revierw them again
> thanks.
>
> thanks
>
> tom
> "Dave Patrick" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> You might review these ones or try asking them here.
>> microsoft.public.inetserver.iis.ftp
>>
>> http://support.microsoft.com/default...b;en-us;323384
>> http://support.microsoft.com/default...b;en-us;285806
>>
>>
>>
>> --
>>
>> Regards,
>>
>> Dave Patrick ....Please no email replies - reply in newsgroup.
>> Microsoft Certified Professional
>> Microsoft MVP [Windows]
>> http://www.microsoft.com/protect
>>
>>
>> "Thomas R Grassi Jr" wrote:
>>> DAve thanks for responding
>>>
>>> Do you mean the administrator userid account?
>>> I only have two services starting up with that account and they are
>>> online and working. I even stopped the service and restarted the service
>>> and they started. I know that is not a good practice but I need to do
>>> that I am not overly woried about the security issue at this point just
>>> need things to work if you know what I mean.
>>>
>>> I have googled this error even on eventid site and nothing seems to fit.
>>> It is very stange. Currently I have the FTP service stopped. By the way
>>> the FTP service is starting with Local System Account the same as a lot
>>> of other services.
>>>
>>> Any other thoughts?
>>>
>>> Thanks
>>>
>>> Tom
>>> "Dave Patrick" <(E-Mail Removed)> wrote in message
>>> news:%(E-Mail Removed)...
>>>> Probably some service was configured to run with the admin account and
>>>> the password expired or was changed.
>>>>
>>>>
>>>> --
>>>>
>>>> Regards,
>>>>
>>>> Dave Patrick ....Please no email replies - reply in newsgroup.
>>>> Microsoft Certified Professional
>>>> Microsoft MVP [Windows]
>>>> http://www.microsoft.com/protect
>>>>
>>>>
>>>> "Thomas R Grassi Jr" wrote:
>>>>> Windows 2003 R2 Standard Dc Server SP2
>>>>> IIS6 with FTP installed
>>>>>
>>>>> I keep getting this event over and over
>>>>>
>>>>> Event Type: Warning
>>>>> Event Source: MSFTPSVC
>>>>> Event Category: None
>>>>> Event ID: 100
>>>>> Date: 3/11/2009
>>>>> Time: 1:23:57 PM
>>>>> User: N/A
>>>>> Computer: TGCS002
>>>>> Description:
>>>>> The server was unable to logon the Windows NT account 'Administrator'
>>>>> due to
>>>>> the following error: Logon failure: unknown user name or bad password.
>>>>> The
>>>>> data is the error code.
>>>>>
>>>>>
>>>>>
>>>>> For more information, see Help and Support Center at
>>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>> Data:
>>>>> 0000: 2e 05 00 00 ....
>>>>>
>>>>>
>>>>>
>>>>> Any ideas on why I am getting this?
>>>>>
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>>
>>>>>
>>>>> Tom
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
>

In news:(E-Mail Removed),
Thomas R Grassi Jr <(E-Mail Removed)>, posted the following:
> The error 100 is still happening over and over again
>
> This makes no sense
>
> Need help on this one
>
> thanks
>
> Tom

Tom,

I guess my post wasn't helpful?

Ace

Ace

Yes it was I went to bed early last night

I would have thought that these types of messages would be in the security
log not the application log.

But I did stop the service for now

Is there any way to stop this from happening? is there a FTP security
program or something like that?

Thanks

Tom
"Ace Fekay [Microsoft Certified Trainer]" <(E-Mail Removed)>
wrote in message news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Thomas R Grassi Jr <(E-Mail Removed)>, posted the following:
>> The error 100 is still happening over and over again
>>
>> This makes no sense
>>
>> Need help on this one
>>
>> thanks
>>
>> Tom
>
> Tom,
>
> I guess my post wasn't helpful?
>
> Ace
>
>
>

On Mar 17, 10:10*am, "Thomas R Grassi Jr" <thomasgra...@hotmail.com>
wrote:
> Ace
>
> Yes it was I went to bed early last night
>
> I would have thought that these types of messages would be in the security
> log not the application log.
>
> But I did stop the service for now
>
> Is there any way to stop this from happening? is there a FTP security
> program or something like that?

If you rename your Adminstrator account then it won't stop these
messages, but you can comfortably ignore them.

There is no way to stop people attempting to hack FTP or any other
type of site, all you can do is rely on the security of the server.
The fact that you are getting these messages means that the attempt
has failed.

Personally, I would not use the FTP server built into IIS, unless I
specifically needed to authenticate FTP users through local machine or
domain security. There are any number of third-party FTP servers which
do a better job
and provide more options with regard to user accounts. You could look
at the Filezilla server, which allows multiple accounts with their own
security settings and private folders, and also allows you to use SFTP
which
works like SSL on a web server, encrypting the traffic between an SFTP
able client and the server.

Alister