troubleshooting Question

Tracing Windows Server logon attempts

Avatar of NAZ1000
NAZ1000Flag for United Kingdom of Great Britain and Northern Ireland asked on
NetworkingSecurityWindows OSWindows Server 2008
9 Comments1 Solution12 ViewsLast Modified:

A Window 2008 R2 Server (due for imminent replacement) is generating attempted failed ogon events for administrator account multiple times per second (eventID 4776).

Any way I can find out whats causing this ? is there malware on the Lan ?

Ive temporarily tried disabling administrator account but events still appearing.


The computer attempted to validate the credentials for an account.

Authentication Package:    MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:    administrator
Source Workstation:    
Error Code:    0xc000006a

ASKER CERTIFIED SOLUTION
Dr. KlahnPrincipal Software Engineer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 9 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 9 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros