7,023 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(236.8, 46%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ER4%3C/text%3E%3C/svg%3E)
It sounds like there are cached credentials on the workstation / server. Have you checked credential manager or run klist as "system" using psexec to check for any user session as well?
Event id 4625(An account failed to logon)
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(12.8, 74%, 11%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EST%3C/text%3E%3C/svg%3E)
Shabana Thasneem
1
Reputation point
I have been getting this event 4625 regularly after a particular account's password has changed with failure code as unknown username or bad password from a single machine, the same user has been successfully logging from other machines in domain controller.
I have checked for any services were running using previous credentials and also whether any cached credentials stored there, but nothing worked.
Does anyone have any suggestion on this?
Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Client for IT Pros | User experience | Other
{count} votes
-
Reza Aghaei 4,986 Reputation points MVP2022-07-18T12:22:06.857+00:00 Looks like a Windows question, not a Windows Forms question, or you may forgot to include more details about the windows forms app which may have something to do with this problem? :)
Sign in to comment