Event ID 4625

B

Bev S

Our domain server is getting an event ID 4625 in the Security log every 20 minutes or so. From my research, I think this is a local service on the server that is causing the issue, but am hoping you can help narrow down the cause. Is there a way to determine the Caller Process ID? Here is the event from the Security Log. Thanks for your assistance.

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 2/26/2020 3:40:39 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: Server.domain.local

Description:

An account failed to log on.


Subject:

Security ID: SYSTEM

Account Name: SERVER$

Account Domain: Domain

Logon ID: 0x3E7


Logon Type: 3


Account For Which Logon Failed:

Security ID: NULL SID

Account Name:

Account Domain:


Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xC000006D

Sub Status: 0xC0000064


Process Information:

Caller Process ID: 0x294

Caller Process Name: C:\Windows\System32\lsass.exe


Network Information:

Workstation Name: SERVER

Source Network Address: -

Source Port: -


Detailed Authentication Information:

Logon Process: Schannel

Authentication Package: Kerberos

Transited Services: -

Package Name (NTLM only): -

Key Length: 0



Bev S

Continue reading...
 
You must log in or register to reply here.

Similar threads

P
What is the difference of the successful run of the same app but one works other does not work - File share Event viewer
Replies
0
Views
39
PZac-CAN
P
J
Event ID 5158 (Filtering Platform Connection) filling up Security Log
Replies
0
Views
35
Jim-Old
J
S
A specific user logs in normally and after 30 minutes the user gets locked out.
Replies
0
Views
42
SalmaTamerr
S
F
my game keeps crashing heres the event properties
Replies
0
Views
23
Fredis Arias
F
N
netjoin event id 4097 error code 1355 using windows provisioning package.
Replies
0
Views
23
Nr2Stonehill
N
Back
Top Bottom