R
Ravinder Chamoli
Guest
This Event Id Which I am getting
===================================================================
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/17/2018 9:35:44 PM
Event ID: 4625
Task Category: <g class="gr_ gr_110 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="110" id="110">Logon</g>
Level: Information
Keywords: Audit Failure
User: N/A
Computer: WIN-APP05.CS.com
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: WIN-APP05$
Account Domain: CS
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Amit
Account Domain: CS
Failure Information:
Failure Reason: An Error <g class="gr_ gr_106 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace" data-gr-id="106" id="106">occured</g> during Logon.
Status: 0xC000015A
Sub Status: 0x0
Process Information:
Caller Process ID: 0x2590
Caller Process Name: C:\Program Files\avs\bin\avtar.exe
Network Information:
Workstation Name: WIN-APP05
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Authz
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a <g class="gr_ gr_107 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="107" id="107">logon</g> request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the <g class="gr_ gr_109 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="109" id="109">logon</g>. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the <g class="gr_ gr_104 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="104" id="104">logon</g>.
The Network Information fields indicate where a remote <g class="gr_ gr_108 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="108" id="108">logon</g> request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this <g class="gr_ gr_105 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="105" id="105">logon</g> request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
==============================================================================
Please let us know how to fix the issue and expain what is the excally issue.
Thanks,
Ravinder Chamoli
Ravinder chamoli
Continue reading...
===================================================================
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 4/17/2018 9:35:44 PM
Event ID: 4625
Task Category: <g class="gr_ gr_110 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="110" id="110">Logon</g>
Level: Information
Keywords: Audit Failure
User: N/A
Computer: WIN-APP05.CS.com
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: WIN-APP05$
Account Domain: CS
Logon ID: 0x3E7
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Amit
Account Domain: CS
Failure Information:
Failure Reason: An Error <g class="gr_ gr_106 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del multiReplace" data-gr-id="106" id="106">occured</g> during Logon.
Status: 0xC000015A
Sub Status: 0x0
Process Information:
Caller Process ID: 0x2590
Caller Process Name: C:\Program Files\avs\bin\avtar.exe
Network Information:
Workstation Name: WIN-APP05
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Authz
Authentication Package: Kerberos
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a <g class="gr_ gr_107 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="107" id="107">logon</g> request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the <g class="gr_ gr_109 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="109" id="109">logon</g>. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the <g class="gr_ gr_104 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="104" id="104">logon</g>.
The Network Information fields indicate where a remote <g class="gr_ gr_108 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="108" id="108">logon</g> request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this <g class="gr_ gr_105 gr-alert gr_spell gr_inline_cards gr_disable_anim_appear ContextualSpelling ins-del" data-gr-id="105" id="105">logon</g> request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
==============================================================================
Please let us know how to fix the issue and expain what is the excally issue.
Thanks,
Ravinder Chamoli
Ravinder chamoli
Continue reading...