Windows Server 2008 Audit Failure Event 4625
Thursday, January 03, 2013 10:39 AM
Hello, I have many of those events, about 10 per second, for about 15 minutes.

An account failed to log on.

Subject:
    Security ID: SYSTEM
    Account Name: WIN-ML7A3VSKKVU$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

Logon Type: 8

Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: root
    Account Domain:

Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064

Process Information:
    Caller Process ID: 0x444
    Caller Process Name: C:\Windows\System32\svchost.exe

Network Information:
    Workstation Name: WIN-ML7A3VSKKVU
    Source Network Address: -
    Source Port: -

Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

I'm trying to identify the source of the problem. I have checked the services but I didn't find anything strange; I compared the running services with other servers and they are the same. The only thing that I have found is a task in the Windows scheduler for Windows Defender, and it starts exactly a few seconds before the audit failures. When I start the task it doesn't generate any exception and it runs for less than a minute.
Thanks
All Replies
Friday, January 04, 2013 5:31 AM Moderator
Hi,
Thanks for posting in Microsoft TechNet forums.
Please check the information in the thread below which is also related to the Audit Failure Event 4625 (Unknown user name or bad password):
Audit Failure event ID 4625
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/ae9da10a-b4d2-4eda-ae6d-ad61b7b6ab79/
Regards
Kevin
- Marked As Answer by K_evin Zhu (Microsoft Contingent Staff, Moderator) Thursday, January 10, 2013 3:29 AM
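
For triage of a burst like the one in the question, the following added example (not part of the original thread) parses exported 4625 descriptions, decodes the logon type and NTSTATUS codes to their documented names, and counts failures per account and caller. The function names are hypothetical and the sample text is constructed from the fields of the event quoted above; it assumes one "Label: value" pair per line.

```python
import re
from collections import Counter

# Documented values for event 4625: logon types and NTSTATUS codes.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}
NTSTATUS = {0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}
FIELDS = ("Logon Type", "Account Name", "Status", "Sub Status",
          "Caller Process Name", "Source Network Address")

def parse_4625(text):
    """Extract selected fields from one 4625 description."""
    ev = {}
    for label in FIELDS:
        hits = re.findall(r"^[ \t]*%s:[ \t]*(.*?)$" % re.escape(label), text, re.M)
        # "Account Name" appears under Subject and again for the failed account; keep the last.
        ev[label] = hits[-1].strip() if hits else ""
    return ev

def decode(ev):
    """Translate the numeric fields into their documented names."""
    code = lambda v: NTSTATUS.get(int(v, 16), v)
    return (ev["Account Name"], LOGON_TYPES.get(int(ev["Logon Type"]), ev["Logon Type"]),
            code(ev["Status"]), code(ev["Sub Status"]),
            ev["Caller Process Name"], ev["Source Network Address"])

def summarize(events):
    """Count failures per (account, logon type, status, sub status, caller, source)."""
    return Counter(decode(parse_4625(e)) for e in events)

# Constructed sample: fields of the event in the question, one per line.
SAMPLE = """Subject:
    Account Name: WIN-ML7A3VSKKVU$
Logon Type: 8
Account For Which Logon Failed:
    Account Name: root
Failure Information:
    Status: 0xc000006d
    Sub Status: 0xc0000064
    Caller Process Name: C:\\Windows\\System32\\svchost.exe
    Source Network Address: -
"""

if __name__ == "__main__":
    # Constructed burst: the same failure three times plus one made-up account name.
    for key, n in summarize([SAMPLE] * 3 + [SAMPLE.replace("root", "admin")]).most_common():
        print(n, key)
```

For the quoted event this yields logon type NetworkCleartext with sub status STATUS_NO_SUCH_USER, meaning the user name "root" does not exist on the server and the credentials were passed to the logon call in clear text by the process named under Caller Process Name.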

