Login attempt - Need help identifying

I received this from my vulnerability scan company and wanted some assistance in identifying.

Win08. GFL. Logon Failure: Unknown username or bad password. Event Id:4625. An account failed to log on.. Subject:. Security ID:S-1-5-18. Account Name:WIL-FUNTIME$. Account Domain:EXPERTEXCHANGE. Logon ID:0x3e7. Logon Type:8. Account For Which Logon Failed:. Security ID:S-1-0-0. Account Name:test. Account Domain:. Failure Information:. Failure Reason:Unknown user name or bad password.. Status:0xc000006d. Sub Status:0xc0000064. Process Information:. Caller Process ID:0x708. Caller Process Name:C:\Windows\System32\svchost.exe. Network Information:. Workstation Name:WIL-FUNTIME. Source Network Address:-. Source Port:-. Detailed Authentication Information:. Logon Process:Advapi . Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0. Transited Services:-. Package Name (NTLM only):-. Key Length:0. This event is generated when a logon request fails. It is generated on the computer where access was attempted.. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service or a local process such as Winlogon.exe or Services.exe.. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).. The Process Information fields indicate which account and process on the system requested the logon.. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.. The authentication information fields provide detailed information about this specific logon request.. - Transited services indicate which intermediate services have participated in this logon request.. - Package name indicates which sub-protocol was used among the NTLM protocols.. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Larry KiterlingAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
I would suggest that you use Active Directory Auditor by Lepide Software. This will give you good insight on where the account is being locked out from.

Active Directory Auditor by Lepide Software
http://www.lepide.com/lepideauditor/active-directory-auditing.html

Will.
Larry KiterlingAuthor Commented:
Can you give me any directions on what I need to investigate?
Rakesh KapoorCommented:

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
SolarWinds® Network Configuration Manager (NCM)

SolarWinds® Network Configuration Manager brings structure and peace of mind to configuration management. Bulk config deployment, automatic backups, change detection, vulnerability assessments, and config change templates reduce the time needed for repetitive tasks.

Larry KiterlingAuthor Commented:
Even better,
Can someone summarize what the error states? I actually don't need to investigate any further just a summary of the event above. Thanks!
Rakesh KapoorCommented:
In your network some computer is sending authentication request, which is getting failed. It could be any virrus or any process.

Did you change any password of any service account after which you started getting these alerts.

In old comments, I shared list to tools to identify detailed information about the source computer.

Hope this explanation would be helpful.
Larry KiterlingAuthor Commented:
Is this a authentication request from another PC trying to access WIL-FUNTIME or is is WIL-FUNTIME attempting to access a PC?
Rakesh KapoorCommented:
Account Name:WIL-FUNTIME$. Account Domain:EXPERTEXCHANGE is trying to access the computer. Is this a Service account? Did you recently change password of this account???

What is this account for??
Larry KiterlingAuthor Commented:
WIL-FUNTIME is the actual computer name. Does that mean it tried to authenticate against itself?
Larry KiterlingAuthor Commented:
Do i need to install this tool on the AD or on WIL-FUNTIME?
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.