event id 680 - Failure audit

Posted on 2010-01-11
Medium Priority
Last Modified: 2012-10-05
Hello gang and as always thanks for your time and expertise.
Here's my problem.  I work in a school and in one of our labs when a user tries to login (ctrl, alt, del) there's a message that reads as follows: the security log is full.  only an administrator can log in and clear this problem.
if I reboot the pcs in this lab, the message goes away.
in event viewer, we have an error code 680 and it relays the following information:
 Logon account:  Administrator
 Source Workstation: xxxx-RM101
 Error Code: 0xC000006A

Please help as this message causes a problem (again only in this particular lab) at least once a week or every two weeks.  Please let me know how to resolve this.  Much appreciated.

Question by:pendal1
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2

Accepted Solution

himvy earned 501 total points
ID: 26286638
LVL 13

Assisted Solution

jaynir earned 999 total points
ID: 26287716
LVL 13

Assisted Solution

jaynir earned 999 total points
ID: 26287750
ID: 680
Source: Security

A program or service attempted to start with the logon credentials specified
in the message, which do not match the credentials of the current user. This
message is logged for informational purposes only.

User Action
No user action is required.

Failure Events Are Logged When the Welcome Screen Is Enabled

Author Comment

ID: 26290044
Guys, I will try your recommendations tomorrow.
PLease note I'm not receivng the event id 680 on a server.  I'm receiving it on windows xp sp3 machines and the source workstation is located in a different site.  Just wanted to add this information in case it helps you diagnose this problem further.  Please stay tuned.  Thanks.

Author Closing Comment

ID: 31676488
Think the problem was because the domain controller in the site with the problem source workstation had network threat protection (part of symantec 11) turned on and so clients were failing trying to authenticate to with this intrasite domain controller.  I visisted the site and I wasn't able to disjoin/rejoin clients to the domain.  I uninstalled network threat protection and the problem cleared.  Anyway, with this situation, there was another member server iin the site that claimed the master brower responsiblity and it had IIS on it which was part of the error log.  Hope all is well now.  Thanks for the assistance.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question