B
Bev S
Our domain server is getting an event ID 4625 in the Security log every 20 minutes or so. From my research, I think this is a local service on the server that is causing the issue, but am hoping you can help narrow down the cause. Is there a way to determine the Caller Process ID? Here is the event from the Security Log. Thanks for your assistance.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/26/2020 3:40:39 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Server.domain.local
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: SERVER$
Account Domain: Domain
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x294
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: SERVER
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Bev S
Continue reading...
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 2/26/2020 3:40:39 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: Server.domain.local
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: SERVER$
Account Domain: Domain
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064
Process Information:
Caller Process ID: 0x294
Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
Workstation Name: SERVER
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Schannel
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Bev S
Continue reading...