troubleshooting Question

Windows Network logon (Type 3) failure internal to workstation by disabled "Guest" account.

Avatar of hypercube
hypercubeFlag for United States of America asked on
Windows OSNetworking
7 Comments1 Solution96 ViewsLast Modified:
I'm still chasing 4625 failed logons (Type 3) as in:
https://www.experts-exchange.com/questions/29168087/Type-3-logon-failures-4625-from-old-credentials.html
and, more recently, as in:
https://www.experts-exchange.com/questions/29169997/Windows-Network-logon-Type-3-failure-internal-to-workstation-by-disabled-Guest-account.html

We are seeing Event 4625 failed logon type 3 reports:
Reported Username is Guest on a computer where the Guest account is inactivated.
Event reports: "Remote Device" is the workstation computername itself - not another one.
Event reports: "Domain" is the same workstation computername - not another one and not the domain that the workstation is joined.

So, yes, attempts to logon with Guest should fail because Guest is inactivated.
But why would a workstation be having logon attempts unto itself when I think if Guest as being a Network logon attempt.
And, yes, these are "network logons" (Type 3, right?).
So why are they coming from within the workstation?

In this case, it happened on Friday starting around time for people to come to work at 8:30  and it persisted until 11:50.  There were over 400 events, some of which occurred within the same second - spaced variably with gaps up to an hour.

This is happening on a few workstations, although not to this degree.
In this case, it's not an "old credential".and yet the results are very similar to the earlier question's situation.

I still haven't found the smoking gun.  It occurs to me that a "network" logon attempt by what is identified as Guest may be coming from a loopback or .... ?  That is, it *appears* to be coming from the network and the attempt isn't being identified but, rather, translated to Guest.  But I'm way out of my depth in taking this idea any further.
ASKER CERTIFIED SOLUTION
Steve Knight
IT Consultancy

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 7 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 7 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros