Microsoft OCS 2007 R2 Result-Code: 0x80090302
-
14 января 2011 г. 7:15
Many security events have been identified by the proxy stack.
In the past 50 seconds, 30 security events have been identified by the proxy stack. A large number of security events could indicate that the server is under attack. The last event was:
$$begin_record
LogType: security
Text: Failed to validate user credentials
Result-Code: 0x80090302
SIP-Start-Line: REGISTER sip:microsoft.com SIP/2.0
SIP-Call-ID: d4121e30230f473687a0780b53c188ca
SIP-CSeq: 5 REGISTER
Data: gssapi-data="NTLMSSP.........r...............H.......H.......\...........U..B..(.....k..5.,..r......c....V+?..@....7r.Rz...+d.1...I8p........"
$$end_record
Cause: The server may be under attack, or there might be a configuration problem that is causing errors.
Resolution:
Launch the Logging Tool from the Office Communications Server Management Console. Select the "SIPStack" component, the "Errors" level and the TF_SECURITY flag. Review the events reported to the trace log using the "Analyze Log Files" feature of the logging tool.Resolution:
For more information about the “Changes in NTLM Authentication” as it applies to Windows 2008 R2 and Windows 7 operating systems, please visit the following Microsoft Web site:
Learn more about the changes in NTLM Authentication (http://technet.microsoft.com/pl-pl/library/dd566199(WS.10).aspx)
If you want to change the NTLM setting, follow these steps:- Start secpol.msc on a Windows Server 2008 R2 operating system server.
- Выберите вариантЛокальные политики and then clickПараметры безопасности узел.
- Make sure that the following values of the policies are set to "No Minimum."
- Network Security: Minimum session security for NTLM SSP based (including secure RPC)
- Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers
