Event Details
Operating System->Microsoft Windows->Built-in logs->Windows 2000-2003->Security Log->Logon/Logoff->EventID 529 - Logon Failure - Unknown user name or bad password [Win 2003]
EventID 529 - Logon Failure - Unknown user name or bad password [Win 2003]
Indicates that a user failed to log on due to unknown user name or bad password.

The person with administrative rights for the computer should establish a threshold limit for attempted log ons. Attempts in excess of the limit should be investigated as a possible attempt to break into the computer

For explanation of the values of some fields please refer to the corresponding links below:

Find more information about this event on ultimatewindowssecurity.com.

    Corresponding events on other OS versions:

    Windows 2000 / XP
    Windows 2008
            Event Type:     Failure Audit
            Event Source:   Security
            Event Category: Logon/Logoff
            Event ID:       529
            Date:           10/26/2009
            Time:           07:39:56
            User:           NT AUTHORITY\SYSTEM
            Computer:       DC1
            Logon Failure:
            Reason:		Unknown user name or bad password
            User Name:	Paul
            Domain:		RESEARCH
            Logon Type:	2
            Logon Process:	seclogon
            Authentication Package:	Negotiate
            Workstation Name:	DC1
            Caller User Name:	Alebovsky
            Caller Domain:	RESEARCH
            Caller Logon ID:	(0x0,0x59DF36)
            Caller Process ID:	880
            Transited Services:	-
            Source Network Address:	-
            Source Port:	-
    Log Type: Windows Event Log
     Uniquely Identified By:
    Log Name: Security
    Filtering Field Equals to Value
    OSVersion Windows 2003
    Source Security
    Category Logon/Logoff
    EventId 529
    Field Matching
    FieldDescriptionStored inSample Value
    DateTime Date/Time of event origination in GMT format. DateTime 10.10.2000 19:00:00
    Source Name of an Application or System Service originating the event. Source Security
    Type Warning, Information, Error, Success, Failure, etc. Type Success
    User Domain\Account name of user/service/computer initiating event. User RESEARCH\Alebovsky
    Computer Name of server workstation where event was logged. Computer DC1
    EventID Numerical ID of event. Unique within one Event Source. EventId 576
    Description The entire unparsed event message. Description Special privileges assigned to new logon.
    Log Name The name of the event log (e.g. Application, Security, System, etc.) LogName Security
    Category A name for a subclass of events within the same Event Source. Category Logon/Logoff
    Domain Domain of the account for which logon is requested. InsertionString2 RESEARCH
    User Name Account name of the user logging in InsertionString1 Paul
    Logon Type Interactive, Network, Batch, etc. Please find the code descriptions here. InsertionString3 2
    Logon Process The program executable that processed the logon. Please find full logon processes list here. InsertionString4 seclogon
    Authentication Package The name of the authentication package (method) used to check user credentials (e.g. NTLM or Kerberos). Please find full authentication packages list here. InsertionString5 Negotiate
    Workstation Name The NetBIOS name of the remote computer that originated the logon request InsertionString6 DC1
    Caller User Name Account name of the user requesting the logon (not the user that attempted logon). Normally it is empty or displays the service principal name. InsertionString7 Alebovsky
    Caller Domain Domain name of the account mentioned in the "Caller User Name" field InsertionString8 RESEARCH
    Caller Logon ID ID of the logon session of the account mentioned in the "Caller User Name" field. Useful for tracking other activity of this account within the same logon session. InsertionString9 (0x0,0x59DF36)
    Caller Process ID ID of the process initiating the logon request InsertionString10 880
    Transited Services Indicates which intermediate services have participated in this logon request InsertionString11 -
    Source Network Address The IP address of the remote computer that originated the logon request InsertionString12 -
    Source Port The source TCP port of the remote computer that originated the logon request InsertionString13 -
    You must be logged in to comment