[Webinar] Streamline your web hosting managementRegister Today


event id 680 - Failure audit

Posted on 2010-01-11
Medium Priority
Last Modified: 2012-10-05
Hello gang and as always thanks for your time and expertise.
Here's my problem.  I work in a school and in one of our labs when a user tries to login (ctrl, alt, del) there's a message that reads as follows: the security log is full.  only an administrator can log in and clear this problem.
if I reboot the pcs in this lab, the message goes away.
in event viewer, we have an error code 680 and it relays the following information:
 Logon account:  Administrator
 Source Workstation: xxxx-RM101
 Error Code: 0xC000006A

Please help as this message causes a problem (again only in this particular lab) at least once a week or every two weeks.  Please let me know how to resolve this.  Much appreciated.

Question by:pendal1
  • 2
  • 2

Accepted Solution

himvy earned 501 total points
ID: 26286638
LVL 13

Assisted Solution

jaynir earned 999 total points
ID: 26287716
LVL 13

Assisted Solution

jaynir earned 999 total points
ID: 26287750
ID: 680
Source: Security

A program or service attempted to start with the logon credentials specified
in the message, which do not match the credentials of the current user. This
message is logged for informational purposes only.

User Action
No user action is required.

Failure Events Are Logged When the Welcome Screen Is Enabled

Author Comment

ID: 26290044
Guys, I will try your recommendations tomorrow.
PLease note I'm not receivng the event id 680 on a server.  I'm receiving it on windows xp sp3 machines and the source workstation is located in a different site.  Just wanted to add this information in case it helps you diagnose this problem further.  Please stay tuned.  Thanks.

Author Closing Comment

ID: 31676488
Think the problem was because the domain controller in the site with the problem source workstation had network threat protection (part of symantec 11) turned on and so clients were failing trying to authenticate to with this intrasite domain controller.  I visisted the site and I wasn't able to disjoin/rejoin clients to the domain.  I uninstalled network threat protection and the problem cleared.  Anyway, with this situation, there was another member server iin the site that claimed the master brower responsiblity and it had IIS on it which was part of the error log.  Hope all is well now.  Thanks for the assistance.

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Scripts are great for performing batch jobs against users, however sometimes the GUI is all you need.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

590 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question