This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 91%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
I recently set up an ADFS farm, and I am testing a few user accounts to see if they can sign into /adfs/ls/IdpInitiatedSignon.aspx. Some accounts work fine; others, however, exhibit the following behavior:
In the Security event log, there are three events related to the sign-in. They are as follows (in arrival order):
Event 4648 - A logon was attempted using explicit credentials.
Event 4624 - An account was successfully logged on.
Event 4625 - An account failed to log on (Failure reason: Unknown user name or bad password)
I'm at a loss as to why this is happening for only certain users. Any help you can provide is appreciated.
So you get the same series of events for working users and non working users?
Are you sure of the error code and subcode of the event 4625? 4625 can also be the sign of a privilege issue. Maybe you can copy paste the content of the 4625 here.