NT Authority\Anonymouslogon?? RRS feed

  • Question

  • ok so i was just wandering im looking in the event viewer in the security section and 90% of the logs are the "NT Authority\Anonoymouslogon"
    1 what is this to begin with?

    2 i think im made a correlation with this and an error.
        a) i have a MRxSub error. "
    "The master browser has received a server announcement from the computer JEG
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A1E79D2C-E9C7-4662-8658. The master browser is stopping or an election is being forced."

    B) if im not mistaken this is a "probe" if you will that trys to determine if its the master browser. and the Nt authority\anonoymouslogon is a service to do with the browing for clients
    am i right?

    i do think that im not able to actually fix this error because i live in a dorm and i cant control the switches and the routers
    am i right?

    what i was looking to do was disable this  by doin this


    will this hurt anything if i do?

    There are 10 differents kinds of people in the world those who understand binary those who dont
    Friday, February 20, 2009 3:53 PM

All replies

  • The NTAUTHORITY\ANONYMOUS LOGON messages are because your server's Remote Access web site is being accessed. When you access it via e.g. http://server or http://myserver.homeserver.com the initial access is done "anonymously". This is completely harmless and everything is working as designed.

    The MRxSub "error" is actually a warning that there is more than one computer on your network segment that believes it's the NetBIOS Browse Master; the two computers perform an "election", and one wins and becomes the browse master. You should ignore it; alternatively you can turn off the appropriate service (Computer Browser; set it to "disabled") on your server and it will no longer attempt to make itself the Browse Master. The designation of what is a "warning" vs an "error" is somewhat haphazard; this really shouldn't be recorded as an error IMO, but it is.

    I would not advise you to apply that patch to your server. As far as I can see it has nothing to do with the issues you describe.
    I'm not on the WHS team, I just post a lot. :)
    Friday, February 20, 2009 4:32 PM
  • ok i get it now but...what i dont get is literally about 90% of those logs are the NTAUTHORITY\ANONYMOUSLOGON is it actual people going to it or is it like bots discovering that its there?

    because i only gave access to about 30 people in my dorm to it. also i am not able to access it outside of campus, so i know its not trying to get hacked or anything because i see no failed logon attempts or anything.

    There are 10 differents kinds of people in the world those who understand binary those who dont
    Friday, February 20, 2009 6:04 PM