Event ID 4625

B

Bev S

Our domain server is getting an event ID 4625 in the Security log every 20 minutes or so. From my research, I think this is a local service on the server that is causing the issue, but am hoping you can help narrow down the cause. Is there a way to determine the Caller Process ID? Here is the event from the Security Log. Thanks for your assistance.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 2/26/2020 3:40:39 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: Server.domain.local

Description:

An account failed to log on.


Subject:

Security ID: SYSTEM

Account Name: SERVER$

Account Domain: Domain

Logon ID: 0x3E7


Logon Type: 3


Account For Which Logon Failed:

Security ID: NULL SID

Account Name:

Account Domain:


Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xC000006D

Sub Status: 0xC0000064


Process Information:

Caller Process ID: 0x294

Caller Process Name: C:\Windows\System32\lsass.exe


Network Information:

Workstation Name: SERVER

Source Network Address: -

Source Port: -


Detailed Authentication Information:

Logon Process: Schannel

Authentication Package: Kerberos

Transited Services: -

Package Name (NTLM only): -

Key Length: 0



Bev S

Continue reading...
 
You must log in or register to reply here.

Similar threads

F
SYSTEM INTEGRITY AUDIT FAILURE Account Name: LOCAL SERVICE Account Domain: NT AUTHORITY
Replies
0
Views
8
Fire Ant1
F
C
Failed Attempts - RDS Server
Replies
0
Views
19
Chris Rivera3
C
P
What is the difference of the successful run of the same app but one works other does not work - File share Event viewer
Replies
0
Views
57
PZac-CAN
P
J
Event ID 5158 (Filtering Platform Connection) filling up Security Log
Replies
0
Views
54
Jim-Old
J
A
Weird Activities On Windows Security Logs In Event Viewer
Replies
0
Views
27
Ai Vo
A
Back
Top Bottom