for a workaround on this problem.
From a newsgroup post: "This event means than an anonymous caller tried to access the LSA policy database. In this case, since the first parameter is "LOCALCOMPUTERNAME", I'm assuming that it's coming from a service on the machine running as LocalService (or LocalSystem, if the machine is not domain joined). You could look at network Logon events (528/540, logon type 3) for "Anonymous" around the same time, to try to locate the logon and gather more information.
The event itself means that Windows did not disclose any information to the anonymous caller, so you only need to act on it if you're encountering some other symptom. However to make it go away, you need to find where it's coming from and have the application vendor issue a fix."