Hi Akash,
Event ID 4625 on a domain controller indicates that an authentication attempt has failed. Based on the information you have provided, it appears that the failure is related to a logon attempt using NTLM authentication, which is an outdated authentication protocol that has been replaced by Kerberos.
To eliminate this event without affecting your production environment, you can disable NTLM authentication on your domain controllers using Group Policy. Here's how:
- Open the Group Policy Management Console (GPMC) on your domain controller.
- Create a new Group Policy Object (GPO) and give it a descriptive name.
- Edit the GPO and navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
- Locate the "Network security: Restrict NTLM: Incoming NTLM traffic" policy and set it to "Deny All".
- Locate the "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" policy and set it to "Deny All".
These settings will prevent NTLM authentication from being used on your domain controller, which should eliminate the Event ID 4625 errors you are seeing. Note that this may break compatibility with some older applications that rely on NTLM authentication, so you should thoroughly test this configuration in a non-production environment before applying it to your production environment.
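
To see which hosts and accounts are behind the NTLM 4625 failures before testing the restriction, the failures can be grouped by source. The PowerShell below is an added example, not part of the original answer; the function names and the sample events are constructed for illustration, and it assumes the standard EventData field names of event 4625.

```powershell
# Added example: summarise failed NTLM logons (Event ID 4625) by source.
# Function names are hypothetical; field names are the EventData names of event 4625.
function ConvertFrom-LogonFailureXml {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        # Flatten <Data Name='...'>value</Data> elements into a lookup table.
        $fields = @{}
        foreach ($d in ([xml]$raw).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Account     = $fields['TargetUserName']
            Workstation = $fields['WorkstationName']
            SourceIp    = $fields['IpAddress']
            Package     = $fields['AuthenticationPackageName']
            NtlmVersion = $fields['LmPackageName']   # e.g. "NTLM V1" or "NTLM V2"
            SubStatus   = $fields['SubStatus']
        }
    }
}

function Get-NtlmFailureSummary {
    param([Parameter(Mandatory)][string[]]$EventXml)
    # Keep only NTLM failures, then count them per workstation / IP / account.
    ConvertFrom-LogonFailureXml -EventXml $EventXml |
        Where-Object { $_.Package -eq 'NTLM' } |
        Group-Object Workstation, SourceIp, Account, NtlmVersion |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# On a domain controller, feed real events instead of the sample:
#   $xml = Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4625} -MaxEvents 500 |
#          ForEach-Object { $_.ToXml() }
# Constructed sample events (not real data), so the script runs offline.
$template = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
    "<Data Name='TargetUserName'>{0}</Data><Data Name='WorkstationName'>{1}</Data>" +
    "<Data Name='IpAddress'>{2}</Data><Data Name='AuthenticationPackageName'>{3}</Data>" +
    "<Data Name='LmPackageName'>{4}</Data><Data Name='SubStatus'>0xc000006a</Data>" +
    "</EventData></Event>"
$sample = @(
    ($template -f 'svc-backup', 'APP01', '192.0.2.10', 'NTLM', 'NTLM V1'),
    ($template -f 'svc-backup', 'APP01', '192.0.2.10', 'NTLM', 'NTLM V1'),
    ($template -f 'jdoe', 'WS042', '192.0.2.55', 'NTLM', 'NTLM V2'),
    ($template -f 'jdoe', 'WS042', '192.0.2.55', 'Kerberos', '-')
)
Get-NtlmFailureSummary -EventXml $sample
```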