Reason An Error Occurred During Logon
Contents |
(עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語) HomeWindows 10Windows 10 MobilePrevious versionsMDOPSurfaceSurface HubLibraryForums Ask a question Quick access Forums home Browse forums users FAQ Search related threads Remove From My Forums Answered by: DC An error occured during logon Event ID: 4625 an error occured during logon 0xc000005e Windows Server > Directory Services Question 0 Sign in to vote Getting
An Error Occured During Logon 0xc000006d
frequent 4625 errors on *.company.com servers hosted on *.hyperv.internal domain. Makes no difference when uncheck Time synchronization in Hyper-V an error occured during logon 4625 VM settings. An account failed to log on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID:
Failure Reason: An Error Occured During Logon. Status: 0xc000006d Sub Status: 0x0
S-1-0-0 Account Name: SERVERSQL2$ Account Domain: COMPANY.COM Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc0000133 Sub Status: 0x0 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: - Source Network Address: 192.168.1.24 Source Port: 57673 Detailed Authentication Information: Logon Process: Kerberos Authentication Package: Kerberos Transited Services: - Package Name (NTLM only): - Key Length: 0 an error occurred during logon 0xc00005e This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.Nemanja Tuesday, June 12, 2012 2:17 PM Reply | Quote Answers 0 Sign in t
be down. Please try the request again. Your cache administrator is webmaster. Generated Wed, 26 Oct 2016 05:11:42 GMT by s_wx1126 (squid/3.5.20)
Message jwalzerjwalzer Posted 2/24/2011 10:32:53 AM Forum Member Group: Forum Members Last Login: 2/24/2012 7:49:27 http://forum.ultimatewindowssecurity.com/Topic606-168-1.aspx PM Posts: 26, Visits: 12 Randy, I'm seeing the following events: Account For Which Logon Failed: Security ID: NULL SID Account Name: computername$ Account Domain: Domainname Failure https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=537 Information: Failure Reason: An Error occured during Logon. Status: 0xc000006d Sub Status: 0x0 Something to worry about, or noise? Thx, Jeff Post #606 RandyFranklinSmithRandyFranklinSmith Posted 2/25/2011 8:08:11 an error AM Expert Group: Administrators Last Login: 4/20/2009 7:57:33 AM Posts: 329, Visits: 0 Jeff, this is just noise. I see it all the time Post #609 jwalzerjwalzer Posted 2/25/2011 8:56:55 AM Forum Member Group: Forum Members Last Login: 2/24/2012 7:49:27 PM Posts: 26, Visits: 12 Thx again Randy! Post #611 igorscauneigorscaune Posted 3/18/2011 5:26:38 AM an error occured Forum Newbie Group: Forum Members Last Login: 3/21/2011 4:28:13 PM Posts: 2, Visits: 4 Hi! I have a similar issue. I have lots of kerebros related failed logons, and I'm aware that it's not an issue. However lately I got some weird events with "administrator" as an user and I have no clue what's causing it. This event is logged once every ~30 minutes (even at night) with different ports. I'd appreciate any help. Log Name: Security Source: Microsoft-Windows-Security-Auditing Date: 3/18/2011 10:38:42 AM Event ID: 4625 Task Category: Logon Level: Information Keywords: Audit Failure User: N/A Computer: myserver.mydomain.local Description: An account failed to log on. Subject: Security ID: NULL SID Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: NULL SID Account Name: Administrator Account Domain: MyDomain Failure Information: Failure Reason: An Error occured during Logon. Status: 0xc000006d Sub Status: 0x0 Process Information: Caller Process ID: 0x0 Caller Process Name: - Networ
name 537: Logon failure - The logon attempt failed for other reasons. On this page Description of this event Field level details Examples Discuss this event Mini-seminars on this event Thanks toIsaac at Prism Microsystems (EventTracker) for this explanation: Event ID 537 is a generic logon failure that most of the time that I've seen it has a blank user name, to figure out what the true underlying cause of the logon failure you need to look at the Status Code and Substatus Code in the description. The codes that I see most often when talking to customers is: Status code: 0xC000006D Substatus code: 0xC0000133 These 2 codes indicate that the workstation clock is more than 5 mins out of sync with the Domain Controller. I have put together a blog entry on how to analyze event 537. Here's a link to the status codes at MSDN Free Security Log Quick Reference Chart Description Fields in 537 User Name: Domain: Logon Type: Logon Process: Authentication Package: Workstation Name: The following fields are added in Windows Server 2003: Caller User Name: Caller Domain: Caller Logon ID: Caller Process ID: Transited Services: Source Network Address: Source Port: Top 10 Windows Security Events to Monitor Examples of 537 Event Type: Failure Audit Event Source: Security Event ID:537 User:NT AUTHORITY\SYSTEM Computer: DC1 Description: Logon Failure: Reason: An error occurred during logon User Name: Domain: Logon Type: 3 Logon Process: Kerberos Authentication Package:Kerberos Workstation Name: - Status code: 0xC000006D Substatus code:0xC0000133 Caller User Name:- Caller Domain: - Caller Logon ID: - Caller Process ID:- Transited Services: - Source Network Address:192.168.1.144 Source Port: 0 Keep me up-to-date on the Windows Security Log. Email*: Bad email address *We will NOT share this Mini-Seminars Covering Event ID 537 Top 6 Security Events You Only Detect by Monitoring Workstation Security Logs Discussions on Event ID 537 • Event : 537 - Blank user name Upcoming Webinars 14 Group Policy Security Risks and How to Control them Deploying Honeynets Outside and Inside Your Network and Integration with Your SIEM Monitoring Active Directory Changes for Compliance: Top 32 Security Events IDs to Watch and What They Mean How to Audit Privileged Operations and Mailbox Access in Office 365 Exchange Online Additional Re