Notification

Icon
Error

Lansweeper attempts egregious number of logins

Posted: Thursday, July 9, 2020 5:47:22 PM(UTC)
dc74

dc74

Member Original PosterPosts: 1
0
Like
Hello all,

I'm having an issue with a program called splunk along with lansweeper. We are currently getting upwards of 100,000+ event triggers caused by our lansweeper account evidently trying to login to a few servers. An example of one of the splunk alerts follows:

Quote:
Jul 8 09:54:17 <IP Address> Jul 8 13:54:13 SEC02 ossec: Alert Level: 3; Rule: 18107 - Windows Logon Success.; Location: (<Azure Server 2>) any->WinEvtLog; user: <Lansweeper account>; 2020 Jul 08 09:54:10 WinEvtLog: Security: AUDIT_SUCCESS(4624): Microsoft-Windows-Security-Auditing: <Lansweeper account>: <Company Name>: <azure server 2. company name.com>: An account was successfully logged on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 New Logon: Security ID: S-1-5-21-796845957-1078145449-725345543-35416 Account Name: <Lansweeper Account> Account Domain: <company name> Logon ID: 0xe4bfe94 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x0 Process Name: - Network Information: Workstation Name: <Lansweeper Server> Source Network Address:<IP Address> Source Port: <port> Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): NTLM V2 Key Length: 128


This is one of 3 nearly identical emails received in the same millisecond. Additionally, when I try to scan the servers in question on the Lansweeper console I get this error message:

Quote:
ActiveDirectory_DomainService Event 1481 Directory Service <company name>\<Lansweeper account name> 07/09/2020 12:06:11

Internal error: The operation on the object failed.

Additional Data
Error value:
2 0000208D: NameErr: DSID-03100213, problem 2001 (NO_OBJECT), data 0, best match of:
''


For security reasons I have not attached errorlog.txt yet.

I have a ticket in with Lansweeper support, but have not heard back from them yet. This is a pressing issue, so I'm coming to the forums with it.
FrankSc
#1FrankSc Member Administration Posts: 43  
posted: 7/10/2020 2:54:11 PM(UTC)
Hi,

As also answered in the ticket you created, we don't expect these types of alerts to be generated by Lansweeper. To isolate this you could change the password for this account in Lansweeper only, this could clarify the origin of the alerts.

Active Discussions

Lansweeper Report - Request
by  nyra_mtobias   Go to last post Go to first unread
Last post: Yesterday at 8:05:31 PM(UTC)
Lansweeper Software: Changes in the last 24 hours
by  alex_vi_42   Go to last post Go to first unread
Last post: Yesterday at 1:37:44 PM(UTC)
Lansweeper All Users with LastLogon Computer
by  dukedizel  
Go to last post Go to first unread
Last post: Yesterday at 10:12:48 AM(UTC)
Lansweeper Total by Asset State
by  compuag   Go to last post Go to first unread
Last post: Yesterday at 12:14:13 AM(UTC)
Lansweeper Computers with Anti-virus out of date
by  ddanks  
Go to last post Go to first unread
Last post: 8/13/2020 9:44:09 PM(UTC)
Lansweeper Count of each browser installed
by  AllSeeingEye   Go to last post Go to first unread
Last post: 8/12/2020 2:44:48 PM(UTC)
Lansweeper Custom Reports Email Question
by  muffintopman  
Go to last post Go to first unread
Last post: 8/12/2020 1:57:58 PM(UTC)