Hello Stan23Cooper,
Thank you for posting on the Microsoft Community Forum.
It is normal for most login types to not have workstation or IP information, such as the type 3 you mentioned in the post, which belongs to the network and does not have a login security ID.
The error status 0XC00006D reported in the post may be due to incorrect username or authentication information. Sub state 0xC0000064: User logged in with spelling error or incorrect user account.
The information I have found specifically indicates that error C064 in the error sub state. If multiple such events occur consecutively, this may be a sign of user enumeration attacks.
It is possible that the company has been maliciously attacked by enumerating all account login passwords through network login.
If the current operation of your company is not affected, this error does not need to be handled. However, for security reasons, users should strengthen their domain password policy and use more complex passwords.
Alternatively, set a limit on the number of login attempts on the domain controller to avoid attacks such as brute force password cracking. (However, this approach may result in restricted normal login for users)
If your company's network traffic is very high, it may be due to customers filling in the wrong password during login.
Are all the accounts you mentioned in your domain? If so, what is the Lockout threshold in your domain, if the Lockout threshold is more than the value you configured, then there will be domain accounts locked out.
Here is the article about error 4625, I hope it can help you:
4625(F) An account failed to log on. - Windows Security | Microsoft Learn
I hope you the information above is helpful.
If you have any questions or concerns, please do not hesitate to let us know.
Best Regards,
Daisy Zhou