NT Security Logs and Oracle

We are running OWS 7.3.3 on NT 3.51. Reviewing my NT security event logs, I see many failed logons. The relatively few successful logons are for DBAs logging on at the server console or mapping a network drive from their desktop to the server.

The failed logons are invariably due to "unknown user name or password." The pattern of these (and some of the userids) suggest that they are occurring every time an application connects to one of the Oracle databases. Oracle is not rejecting the logons, and if I hadn't looked at the NT Security Log, there would have been no clue that anything is amiss.

The server is not used as a file server. Only a small number of administrators have userids on the machine. While the database server is an NT machine, our file and apps servers and network control is Novell. To my knowledge, the DB server does not belong to any of the Novell domains.

In the event log record Event Detail section, the user is always 'NT AUTHORITY/SYSTE' and Source = Security. In the Description section, the user name can be any normal user name, Logon Type = 3, Logon Process = NTLanMan, and Authentication Package =
MICROSOFT_AUTHENTICATION_PACKAGE_V1_0. We are NOT using OS security for our databases. These leaves me with 2 questions:

1. Why is Oracle trying to initiate an NT logon whenever an application connects to a database?
2. Since Oracle *is* requesting the logon, why is it ignoring the fact that it is being rejected?

Please reply to the e-mail address below (not the one originating this msg). I cannot access newsgroups from the office and have to forward msgs thru my personal email account to get them to the newsgroup.

• Ed Stevens E-mail: Ed.Stevens_at_NMM.Nissan-USA.com