That shouldn't be the case and I already see that the thread that you posted there. Just be patient and wait for a response from other community members.
High Authentication Failures
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Anonymous
Hi Team,
I am observing huge authentication failures(4625, 4776) on my domain controllers. Authentication failures are coming from the local account in the workstations.
Multiple machines are trying to authenticate to DC using this local account and obviously as the local account is not configured on DC, it will get authentication failures. The count is very high near to 1000 in a day from multiple workstations.
Brief about local account: Our internal team is using this local account to add new machines to the domain. After adding machines to the domain, this local account becomes useless.
Why is workstation trying to authenticate to DC using local account?
How can we fix this problem?
Raw payload:
AgentDevice=WindowsLog
AgentLogFile=Security
PluginVersion=7.2.5.27
Source=Microsoft-Windows-Security-Auditing
Computer=XXXXXXXXX
OriginatingComputer=XXXXXXXXXXX
User=
Domain=
EventID=4625
EventIDCode=4625
EventType=16
EventCategory=12544
Level=0
Keywords=0
Task=0
Opcode=0
Message=An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: localuser
Account Domain: mylaptop
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: mylaptop
Source Network Address: 10.1.32.2.23
Source Port: 61905
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: - Package Name (NTLM only): - Key Length: 0
Windows for home | Windows 10 | Security and privacy
Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.
3 answers
Sort by: Most helpful
-
Anonymous
2018-07-23T10:41:17+00:00 -
Anonymous
2018-07-23T10:22:31+00:00 My thread is being considered as spam there :(
-
Anonymous
2018-07-23T10:14:53+00:00 Hello Ravi,
Your query is more complex than what is typically answered in the Microsoft Answers forums. We suggest that you post it on the TechNet Windows 10 forums, which is more geared towards IT Pro audience and Enterprise environment discussions.
Regards.