14 января 2011 г. 7:15
Many security events have been identified by the proxy stack.
In the past 50 seconds, 30 security events have been identified by the proxy stack. A large number of security events could indicate that the server is under attack. The last event was:
Text: Failed to validate user credentials
SIP-Start-Line: REGISTER sip:microsoft.com SIP/2.0
SIP-CSeq: 5 REGISTER
Cause: The server may be under attack, or there might be a configuration problem that is causing errors.
Launch the Logging Tool from the Office Communications Server Management Console. Select the "SIPStack" component, the "Errors" level and the TF_SECURITY flag. Review the events reported to the trace log using the "Analyze Log Files" feature of the logging tool.
For more information about the “Changes in NTLM Authentication” as it applies to Windows 2008 R2 and Windows 7 operating systems, please visit the following Microsoft Web site:Learn more about the changes in NTLM Authentication (http://technet.microsoft.com/pl-pl/library/dd566199(WS.10).aspx)
If you want to change the NTLM setting, follow these steps:
- Start secpol.msc on a Windows Server 2008 R2 operating system server.
- Выберите вариантЛокальные политики and then clickПараметры безопасности узел.
- Make sure that the following values of the policies are set to "No Minimum."
- Network Security: Minimum session security for NTLM SSP based (including secure RPC)
- Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers