none
Personal laptop fails to connect to domain RRS feed

  • Question

  • Hello,

    I was going through some server logs today and noticed a bunch of 4625 events (Failed Logon). I decided read through them and notice that ever 10 minutes, like clock work, my personal laptop fails to authenticate against the DC using my Microsoft account 7 times. Now, I know my personal laptop is plugged into the network and it does use a Microsoft account, but why is it attempting to connect to the domain, and is there any way to stop it.

    I have already checked my laptop's event logs and there is nothing in there associated with those times, and there is no software that I use on my laptop that connects to any network computers. I only have my laptop connected for access to the internet, aside from that all of my work with the network and the server is done from my work issued computer.

    Thank you.

    Tuesday, September 19, 2017 2:39 PM

All replies

  • Hi,
    First of all, please scan your laptop system with antivirus software to see if it is affected.
    And in this case, I would suggest you have a try process monitor tool to capture the suspected process which is using Microsoft account to connect domain controller.
    You could download the tools from:
    Process Monitor v3.31 https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 20, 2017 3:13 AM
    Moderator
  • Hi there,

    Did you happen to use a domain resource previously from your laptop? (e.g. map to network folder or connect to network printer) it's possible that a persistent connection is trying to re-authenticate.

    Is there anything in the security log on the DC that can identify the traffic? (if you have access to that).

    Depending on how technical you are, you could also try something like wireshark on your local computer to see if you can identify when the authentication traffic happens and see if you can identify what it is.


    If this helped you please click "Vote As Helpful", if it answered your question please click "Mark As Answer"

    Georg Thomas | CISSP, CISM, CEH, GIAC, MCSE (Security)
    Twitter @georgathomas

    This forum post is my own opinion and does not reflect the opinion or view of my employer.

    Friday, September 22, 2017 6:24 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, September 25, 2017 7:33 AM
    Moderator