troubleshooting Question

Large amount of security audit failures with no "Source Workstation".

Avatar of FormerZeroCool
FormerZeroCool asked on
Active DirectorySecurity* domain controller
5 Comments1 Solution156 ViewsLast Modified:
We are seeing a large amount of security audit failures with no source workstation listed.  Usually these happen in quick blips with well over 1,000 accounts tried in a short time span.  In each instance, there is never a source workstation listed and 99% of the errors show a 0xc0000064 error since there is no such account.  Is there anywhere else to check where I can tell where this took place from?  We have multiple DC's, but only one DC is showing the audit failures.

Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:      ****
Source Workstation:      
Error Code:      0xc0000064


Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 5 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 5 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros