Audit failures server 2008

Posted on 2010-01-07
Last Modified: 2012-05-08
I have a Server 2008 sp1 Standard 32bit used for hosting websites with many ips.  I am getting 4 audit failures exactly every 5 minutes.  I'll post the particulars below.  There is no account name listed and just NULL SID for id.  The source network address is always one of the private ip for a hosted site and it is always in the same subnet. Can't figure this out. Thanks

An account failed to log on.

      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc000006a

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      -
      Source Network Address:
      Source Port:            57711

Detailed Authentication Information:
      Logon Process:            Kerberos
      Authentication Package:      Kerberos
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0

Provider[ Name] Microsoft-Windows-Security-Auditing
      [ Guid]       {54849625-5478-4994-a5ba-3e3b0328c30d}              
        EventID      4625       
        Version      0       
        Level      0       
        Task      12544       
        Opcode      0       
        Keywords      0x8010000000000000
-TimeCreated[ SystemTime]       2010-01-08T04:57:13.609Z            
        EventRecordID      2302825       
       [ ProcessID]       672              
       [ ThreadID]       1032              
       Channel      Security      
      SubjectUserSid      S-1-0-0      
      SubjectUserName      -       
      SubjectDomainName      -      
      SubjectLogonId      0x0       
      TargetUserSid      S-1-0-0       
      Status      0xc000006d       
      FailureReason      %%2313       
      SubStatus      0xc000006a       
      LogonType      3       
      LogonProcessName      Kerberos       
      AuthenticationPackageName      Kerberos       
      WorkstationName      -       
      TransmittedServices      -       
      LmPackageName      -       
      KeyLength      0       
      ProcessId      0x0       
      ProcessName      -       
      IpPort      57711       
Question by:smillion
    LVL 21

    Expert Comment


    Accepted Solution

    Well, the issue stopped abruptly this morning.  I can only corelate the turning on of another server that the server was replicating to.
    LVL 21

    Expert Comment


    If any of the above link resolved your issue then accept it, otherwise close this question by accepting your comments.

    Faraz H. Khan

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Too many email signature updates to deal with?

    Are you constantly visiting users’ desks making changes to email signatures? Feel like it’s taking up all of your time? Wish you could manage all signatures from one central location, easily design them and deploy them quickly to users? Well, there is an easy way!

    What is an ISAPI filter?   •      It's an assembly (.dll file) that can add or change the way IIS works.   •      They can be enabled globally for your web server or on a site-by-site basis.   When the IIS server receives a request, enabling the ISAPI fi…
    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now