Event ID 4625

B

Bev S

Our domain server is getting an event ID 4625 in the Security log every 20 minutes or so. From my research, I think this is a local service on the server that is causing the issue, but am hoping you can help narrow down the cause. Is there a way to determine the Caller Process ID? Here is the event from the Security Log. Thanks for your assistance.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 2/26/2020 3:40:39 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: Server.domain.local

Description:

An account failed to log on.


Subject:

Security ID: SYSTEM

Account Name: SERVER$

Account Domain: Domain

Logon ID: 0x3E7


Logon Type: 3


Account For Which Logon Failed:

Security ID: NULL SID

Account Name:

Account Domain:


Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xC000006D

Sub Status: 0xC0000064


Process Information:

Caller Process ID: 0x294

Caller Process Name: C:\Windows\System32\lsass.exe


Network Information:

Workstation Name: SERVER

Source Network Address: -

Source Port: -


Detailed Authentication Information:

Logon Process: Schannel

Authentication Package: Kerberos

Transited Services: -

Package Name (NTLM only): -

Key Length: 0



Bev S

Continue reading...
 
Back
Top Bottom