Start Free Trial

asked on 12/27/2017

Large amount of security audit failures with no "Source Workstation".

We are seeing a large amount of security audit failures with no source workstation listed. Usually these happen in quick blips with well over 1,000 accounts tried in a short time span. In each instance, there is never a source workstation listed and 99% of the errors show a 0xc0000064 error since there is no such account. Is there anywhere else to check where I can tell where this took place from? We have multiple DC's, but only one DC is showing the audit failures.

Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:      ****
Source Workstation:
Error Code:      0xc0000064

Thanks!

Active Directory Security Domain Controller

Last Comment

1/10/2018

12/27/2017

Maybe this MS KB works for you.
https://support.microsoft.com/en-us/help/982801/a-domain-controller-returns-the-no-such-user-0xc0000064-status-code-or

12/27/2017

ASKER

I looked at that article earlier, but since this DC only gets shutdown every 30-60 days for patches, that takes it out of the equation. Whoever is trying to get into the system is using non-standard accounts. I turned verbose logging on in hopes that some additional information would be obtained.

1/5/2018

The error 0xc0000064 means - The account does not exist.

You may want to check the following threads:

https://www.experts-exchange.com/questions/29032039/Audit-Failure.html

https://social.technet.microsoft.com/Forums/en-US/24e648ea-38ff-4188-af68-c4bacc853809/numerous-event-id-680-with-error-code-0xc0000064?forum=winserverDS

ASKER CERTIFIED SOLUTION

1/5/2018

Blurred text

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

1/10/2018

ASKER

None of the answers prior to resolving the issue myself answered my question.

Active Directory

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

86K

Questions

--

Followers

--

Top Experts

Get a personalized solution from industry experts

Ask the experts

"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23
"Your help has saved me hundreds of hours of internet surfing."
@fblack61
"Just a dang good service!"
@golferski
"Worth every penny."
Steve Hougom
"It’s been a life saver."
Maria Halt
"Best support site I’ve seen!"
Bob Schneider
"I would be lost without them."
@fblack61
"Saved my job multiple times."
Walt Forbes
"I love this site."
Maria Duwe
"Friendly respectful help."
Andrew Kowtalo
"Such top-notch experts."
@magento
"The best money I have ever spent."
@rwheeler23
"Beyond any comprehensible value"
George Morris
"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23

Read over 600 more reviews

TRUSTED BY