Event ID - 540

Event Id540
SourceSecurity
DescriptionSuccessful Network Logon:

User Name: <User Name>
      Domain: <Domain>
      Logon ID: <Logon ID>
      Logon Type: <Logon Type>
      Logon Process: <Logon Process>
      Authentication Package: <Authentication Package>
      Workstation Name: <Workstation Name>
      Logon GUID: <Logon GUID>
      Caller User Name: <Caller User Name>
      Caller Domain: <Caller Domain>
      Caller Logon ID: <Caller Logon ID>
      Caller Process ID: <Caller Logon ID>
      Transited Services: <Transited Services>
      Source Network Address: <Source Network Address>
      Source Port: <Source Port>
     
Event InformationCause:
A logon session was created for the user. The message contains the Logon ID, a number that is generated when a user logs on to a computer. The Logon ID that is assigned to a logon session is unique to that logon session until the computer is restarted, at which point the Logon ID may be reused. The Logon ID can be used to correlate a logon message with other messages, such as object access messages.

Resolution:
No user action is required.
Reference LinksAlternate Event ID in Vista and Windows Sever 2008 is 4634.

Tracking Logon and Logoff Activity in Windows 2000 (Article)

Tracking User Activities (White Paper)

HOW TO: Troubleshoot Kerberos-Related Issues in IIS

Using Basic Authentication to Generate Kerberos Tokens

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh