none
EVID 4776 can see user name but no workstation

    Question

  • Hi,

    Im getting countless logon failures on one of my Domain Controllers. All of the say the same:

    EventID            : 4776
    MachineName        : xxx.xxx.corp
    Data               : {}
    Index              : 1833032704
    Category           : (14336)
    CategoryNumber     : 14336
    EntryType          : FailureAudit
    Message            : TThe computer attempted to validate the credentials for an account.
                         Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
                         Logon Account:l21xxxx_xxxxx
                         Source Workstation:
                         Error Code:    0xc0000064
    Source             : Microsoft-Windows-Security-Auditing
    ReplacementStrings : {MICROSOFT_AUTHENTICATION_PACKAGE_V1_0, , , 0xc0000064}
    InstanceId         : 4776
    TimeGenerated      : 25-08-2013 12:52:15
    TimeWritten        : 25-08-2013 12:52:15
    UserName           : l21xxxx_xxxxx

    We have renamed the user name since then we are getting this error message would you please help to find more details about the same

    Wednesday, August 28, 2013 8:56 PM

Answers

  • Hi,

    Based on my research:

    1.    The Cause may be :

                 Internet proxy (ISA) was sending many NULL auth requests.

                Resolution

               Rebooted the proxy machine.

    2.    Enable Netlogon debug logging:

     

              A: run the following command:

                   nltest /dbflag:0x2080ffff

              Nltest is included as part of Windows Server 2008 and is also available as part of the Support Tools packages on the installation media for Windows Server 2003, Windows XP, and Windows 2000.

     

              B: Stop NetLogon, and then restart NetLogon.

     

    In addition, please reboot the server and check the result. And also please download the newest package and install it on the DC, and scan your DC with antivirus program.

    Regards,

    Yan Li


    Cataleya Li
    TechNet Community Support

    Friday, August 30, 2013 6:14 AM
    Moderator