

NPS Issue with wireless causing AD lockout Event ID 4625

Question

Friday, October 28, 2016 2:22 PM

I have an issue with one user whose AD account seems to keep getting locked out whenever he is on the network. The event log on the NPS server logs this:

Audit Failure 10/28/2016 9:17:18 AM Microsoft-Windows-Security-Auditing 4625 Logon "An account failed to log on.

Subject:
Security ID: SYSTEM
Account Name: NPS01$
Account Domain: USA
Logon ID: 0x3E7

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: ruser
Account Domain: USA

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A

Process Information:
Caller Process ID: 0x39c
Caller Process Name: C:\Windows\System32\svchost.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: CHAP
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

I traced the bad password attempts to the DC, and the DC points to the NPS server. The NPS server only deals with wireless, and he is working from the LAN. His wireless may be auto-connecting, and it uses computer authentication to connect to the network, so I am not sure why it is trying to connect with his domain account...

The domain controller reports this error at the time:

[LOGON] USA: SamLogon: Transitive Network logon of USA\ruser from  (via NPS01) Returns 0xC000006A

Let me know if you need more info. I cannot seem to track down exactly what is causing the bad password attempt.
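
The netlogon.log entry quoted above names the forwarding server (`via NPS01`) and the NTSTATUS result, which is what ties the bad password attempts to NPS. As an added example, not part of the original post, this Python script tallies wrong-password (0xC000006A) results per account, forwarding server and workstation; the sample lines, including their timestamps and the jdoe/WS042/FILE01 names, are constructed.

```python
import re
from collections import Counter

# NTSTATUS values commonly seen in failed-logon records.
NTSTATUS = {
    0x0: "success",
    0xC0000064: "no such user",
    0xC000006A: "wrong password",
    0xC000006D: "logon failure",
    0xC0000234: "account locked out",
}

# Matches the "Returns" half of a netlogon.log SamLogon entry. The workstation
# field may be empty, as in the line quoted in the question.
LINE_RE = re.compile(
    r"\[LOGON\]\s+(?P<dom>\S+): SamLogon: (?P<kind>.+?) logon of "
    r"(?P<account>\S+) from\s+(?P<ws>[^\s(]*)\s*\(via (?P<via>[^)]+)\) "
    r"Returns (?P<status>0x[0-9A-Fa-f]+)"
)

# Constructed sample input modelled on the line in the question.
SAMPLE = r"""
10/28 09:17:18 [LOGON] USA: SamLogon: Transitive Network logon of USA\ruser from  (via NPS01) Entered
10/28 09:17:18 [LOGON] USA: SamLogon: Transitive Network logon of USA\ruser from  (via NPS01) Returns 0xC000006A
10/28 09:17:48 [LOGON] USA: SamLogon: Transitive Network logon of USA\ruser from  (via NPS01) Returns 0xC000006A
10/28 09:18:02 [LOGON] USA: SamLogon: Network logon of USA\jdoe from WS042 (via FILE01) Returns 0x0
10/28 09:18:20 [LOGON] USA: SamLogon: Transitive Network logon of USA\ruser from  (via NPS01) Returns 0xC0000234
""".strip().splitlines()

def parse_line(line):
    """Return a dict for a SamLogon 'Returns' entry, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"], 16)
    rec["meaning"] = NTSTATUS.get(rec["status"], "other")
    return rec

def bad_password_sources(lines):
    """Count wrong-password results per (account, forwarding server, workstation)."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 0xC000006A:
            hits[(rec["account"], rec["via"], rec["ws"] or "<blank>")] += 1
    return hits

if __name__ == "__main__":
    for (account, via, ws), n in bad_password_sources(SAMPLE).most_common():
        print(f"{account}: {n} wrong-password results via {via}, workstation {ws}")
```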

All replies (2)

Monday, October 31, 2016 5:54 AM ✅ Answered

Hi Hova,

>> I traced the bad password attempts to the DC, and the DC points to NPS server

Did you mean that the user account and password could be used to log on to the DC or other domain servers?

>>I have an issue with one user whose AD account seems to keep getting locked out whenever he is on the network.

Have you checked whether the state of the user account was locked out?

Please try to fix the issue by following the article below:

The Security event that has Event ID 4625 does not contain the user account name on a computer that is running Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2

https://support.microsoft.com/en-us/kb/2157973

Best Regards

John

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Monday, November 7, 2016 2:53 AM

Hi,

Just want to confirm the current situation.

Please feel free to let us know if you need further assistance.

Best Regards,

John
