Source: Microsoft Windows ws-security - Auditing
Date: 2020-12-08 9:14:07
Event ID: 4625
Task categories: login
Levels: information
Key words: audit failure
Filled by any user:
Computer: TCwebserver
Description:
Account login failed,
Topic:
Security ID: NULL SID
Account name: -
The account domain: -
Login ID: 0 x0
Login type: 3
Account login failure:
Security ID: NULL SID
Account name: BENJAMINCHAN
The account domain:
Failure information:
The reason for failure: unknown user name or password mistake,
Status: 0 xc000006d
Son: 0 xc0000064
Process information:
The caller process ID: 0 x0
The caller process name: -
Internet information:
The name of work:
The source IP address: -
Source port: -
The authentication information in detail:
The login process: NtLmSsp
The authentication packet: NTLM
Shipping service: -
Packets (NTLM only) : -
The key length: 0
Login request failed in trying to access the computer generated the event,
"Theme" indicates the local system request login account, it's usually a service (such as Server service) or local process (such as Winlogon. Exe or Services. Exe),
"Login type" field indicates the type of login, is one of the most common type 2 (interactive) and 3 (network),
"Process information" field shows that the system and processes the request which account login,
"Information network" indicates the remote login request from where, "work the name" is not always available, and in some cases may leave as blank,
"Authentication information" field to provide detailed information about this particular login request,
- "delivery service" indicate the direct service to participate in the login request,
- "packets," indicate the NTLM protocol used between the which child,
- "the key length" indicates that generated the length of the session key, if there is no request to the session key, then this field is 0,
Event Xml:
CodePudding user response:
Unknown user name or password mistake? The server crashed library?