Troubleshooting Question

Failed Logons hammering Workgroup file server (Win 10)

Asked by vernaldrich
Tags: Microsoft Office, Exchange, Microsoft 365, Networking, Security
I need to know a process for isolating the source (process or application) that is generating thousands of failed logons (Event ID 4625) per minute on a Win 10 workgroup file server. Within 10-30 minutes of logging on to a Win 10 workstation, the account used by the logged-on user's profile to log on to the workgroup file server starts generating failed logons (see details of Event 4624 at end). The fails don't start immediately. There are 2 network drives mapped to the file server using the same credentials and both work perfectly. Office 365 is installed using online Exchange. I've reinstalled Office 365, remapped her network drives, and deleted stale credentials from the workstation; nothing seems to help. I moved her to a laptop and installed Office 365 there, mapped the drives, and the errors have stopped. Does anyone have a clear process for isolating the source of these errors?

Subject:
      Security ID:            NULL SID
      Account Name:            -
      Account Domain:            -
      Logon ID:            0x0

Logon Type:                  3

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:           renee aldrich
      Account Domain:            RENEE-PC

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xC000006D
      Sub Status:            0xC000006A

Process Information:
      Caller Process ID:      0x0
      Caller Process Name:      -

Network Information:
      Workstation Name:      RENEE-PC
      Source Network Address:      192.168.2.97
      Source Port:            50414

Detailed Authentication Information:
      Logon Process:            NtLmSsp
      Authentication Package:      NTLM
      Transited Services:      -
      Package Name (NTLM only):      -
      Key Length:            0
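
One way to triage a batch of these records, as an added example that is not part of the original question or its answers: a Python parser for the rendered 4625 message shown above that decodes Sub Status and counts failures per source address and target account. The trimmed template, the second host (HOST-B, 192.168.2.50) and its account name are constructed sample data; on the server the message text would come from an export of the Security log.

```python
import re
from collections import Counter, defaultdict

# Well-known NTSTATUS codes that appear in the Status / Sub Status fields of event 4625.
NTSTATUS = {0xC000006A: "STATUS_WRONG_PASSWORD", 0xC0000064: "STATUS_NO_SUCH_USER",
            0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT"}
FAILED = "Account For Which Logon Failed"

def parse_4625(text):
    """Map one rendered 4625 message to {(section, field): value}; sections keep duplicate names apart."""
    fields, section = {}, ""
    for line in text.splitlines():
        if not (m := re.match(r"^(\s*)([^:]+):\s*(.*)$", line)):
            continue
        indent, key, value = m.group(1), m.group(2).strip(), m.group(3).strip()
        if not indent and not value:      # "Subject:" style header opens a new section
            section = key
            continue
        fields[(section if indent else "", key)] = value   # unindented "Logon Type: 3" is top-level
    return fields

def summarize(messages):
    """Count failures per (source, account, sub status) and collect the accounts tried per source."""
    counts, accounts = Counter(), defaultdict(set)
    for f in map(parse_4625, messages):
        src = f.get(("Network Information", "Source Network Address"), "-")
        acct = f.get((FAILED, "Account Domain"), "-") + "\\" + f.get((FAILED, "Account Name"), "-")
        sub = int(f.get(("Failure Information", "Sub Status"), "0x0"), 16)
        counts[(src, acct, NTSTATUS.get(sub, hex(sub)))] += 1
        accounts[src].add(acct)
    return counts, accounts

# Constructed sample: the question's record cut down to the fields used, plus one made-up event.
SAMPLE = """Subject:
      Account Name:            -
Logon Type:                  3
Account For Which Logon Failed:
      Account Name:           {user}
      Account Domain:            {dom}
Failure Information:
      Sub Status:            {sub}
Network Information:
      Source Network Address:      {ip}
"""
EVENTS = [SAMPLE.format(user="renee aldrich", dom="RENEE-PC", sub="0xC000006A", ip="192.168.2.97")] * 3
EVENTS.append(SAMPLE.format(user="scanner", dom="HOST-B", sub="0xC0000064", ip="192.168.2.50"))

if __name__ == "__main__":
    for (src, acct, reason), n in summarize(EVENTS)[0].most_common():
        print(f"{n:6d}  {src:15s}  {acct:26s}  {reason}")
```

Sub Status 0xC000006A means the account name was found and only the password was rejected, so the per-source account set separates one host retrying one credential from a source cycling through account names.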
ASKER CERTIFIED SOLUTION
Paul MacDonald
Director, Information Systems
