Avatar of Bobby Ashton
Bobby Ashton
Flag for United States of America asked on

The domain controller attempted to validate the credentials for an account, Error 4776. listing domain Controller as Source Workstation

I have been trying to track down an issue where one of our staff is getting locked out or their computer.  In checking the logs I usually can find the the logs with Error 4776 will tell me which workstation was being used to enter the wrong password, but for this individual the Domain Controller is listed as the source workstation.

AV - Alert - "1490362410" --> RID: "18105"; RL: "4"; RG: "windows,"; RC: "Windows audit failure event."; USER: "(no user)"; SRCIP: "None";
HOSTNAME: "(DC1) 192.168.xxx.xxx->WinEvtLog"; LOCATION: "(DC1) 192.168.xxx.xxx->WinEvtLog"; EVENT: "[INIT]2017 Mar 24 09:33:28 WinEvtLog:
Security: AUDIT_FAILURE(4776): Microsoft-Windows-Security-Auditing: (no user): no domain: DC1.Mydomain.com: The domain controller
attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: firstname.lastname
Source Workstation: DC1 Error Code: 0xc000006a[END]";
Domain ControllerActive DirectorySecurity

Avatar of undefined
Last Comment
Early Learning Coalition

8/22/2022 - Mon
Early Learning Coalition

Do you have email setup using the domain credentials too? like maybe on her cell phone or some other service that's requestion authentication.
Bobby Ashton

Yes There is a cell phone that is used by this user that does authenticate with this login.  I would think that if that was the case the source would be the email server not the domain controller however.
Early Learning Coalition

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.