Multiple 4625 Logon Failures in Security Log
Posted on 2010-11-29
We are receiving multiple 4625 Logon Failures in the security event log which seem to be related to Kerberos Errors in the System Event Log. The errors are as follows:
The Kerberos client Received a KRB_AP_ERR_MODIFIED error from server desktop40$. The target name used was cifs/laptop-10.domain.local.
This also generates Multiple 4625 Audit Failures in the Security Log
Security ID: NULL SID
Logon ID: 0x0
Account For Which Logon: NULL SID
Failure Reason: Unknown User Name or Bad Password
Sub Status: 0xc000006a
The source network address is the Domain Controller.
The server receiving the error is a Windows 2008 SP2
This server is a secondary DNS, File, and Print Server. Internet Printing and BES 5.2 are also setup. All the clients are Windows 7 Professional. Domain is 2008 SBS. There are no logon failures on the SBS 2008 server.
Any insight or help would be appreciated.