troubleshooting Question

The domain controller attempted to validate the credentials for an account, Error 4776. listing domain Controller as Source Workstation

Avatar of Bobby Ashton
Bobby AshtonFlag for United States of America asked on
* domain controllerActive DirectorySecurity
3 Comments1 Solution309 ViewsLast Modified:
I have been trying to track down an issue where one of our staff is getting locked out or their computer.  In checking the logs I usually can find the the logs with Error 4776 will tell me which workstation was being used to enter the wrong password, but for this individual the Domain Controller is listed as the source workstation.

AV - Alert - "1490362410" --> RID: "18105"; RL: "4"; RG: "windows,"; RC: "Windows audit failure event."; USER: "(no user)"; SRCIP: "None";
HOSTNAME: "(DC1) 192.168.xxx.xxx->WinEvtLog"; LOCATION: "(DC1) 192.168.xxx.xxx->WinEvtLog"; EVENT: "[INIT]2017 Mar 24 09:33:28 WinEvtLog:
Security: AUDIT_FAILURE(4776): Microsoft-Windows-Security-Auditing: (no user): no domain: DC1.Mydomain.com: The domain controller
attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: firstname.lastname
Source Workstation: DC1 Error Code: 0xc000006a[END]";
ASKER CERTIFIED SOLUTION
Luis Mena

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 3 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 3 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros