MonitorWare Knowledge Base

Hi all ,

i have a windows 2003 server box with an Monitorware agent v2.1 on it.
The audit policy is set up to success and failure for the security type.
The problem is that:
Every five minutes, numerous event are generated. Those event are all from security source, their ID are 540,576 and 538.
i know that they are related to the network logon and to the Special privileges assigned to new logon. But it's very strange, the source of those network attempt is the IP adress from the box itself. And on every attempt the source port is increased by one. I first saw of any kind of attack spoofing my IP and trying to connect to the server. But after a bit of relexion, my paranoia has gone... The server is on DMZ...
this looks more like a sort of infinite loop, or a Windows bug(one more)...

Does anyone has the same symptom ?
Any help would be appreciated !! And i would like to keep the policy audit on

Hello Julien,

sorry for the delay
I've set up an 2k3 Srv Machine but couldn't reproduce your error yet.
But iam workin' on it
could you please send us your Settings of MWAgent ?
to do so do the following:

1. Go to Computer Menu -> Export Settings to Registry-file (not binary!)
2. Save it
3. Go to General Options -> Enable Debug Output (set it to maximum)
4. Let it run for some time, then disable the debug output
5. Forward this file also with the Registry-file to us

and please send it to support@adiscon.com

thanks


Regards,
Timm Herget