When I am looking at the security tab of my event viewer on a Windows Server 2008 R2, I am showing a ton of Audit Failures with Event ID 4776.
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: randy
Source Workstation: HPDB1
Error Code: 0xc0000064
I verified the account "randy" exist in my Active Directory. From my understanding, there has not been any recent password changes. Is there any way to get detailed information on this error? I am wondering what program is requesting this information.
Also, is there any way to clear this error up? I was thinking about resetting the password and changing it back to the original.
Best Answer
The error code
0xc0000064means that the specified user does not exist. I know you said that you do have a user named 'randy' in your domain. So to fix it, you have a look at the applications on the workstation HPDB1, and find out which one is trying to log in as 'randy' but not adding in your domain prefix.(Such as
DomainA\randy)Look for scheduled tasks, services, etc., that may be running under the security context of 'randy' or may be trying to use the username 'randy' to log in to the domain. Also check the Windows Credential Vault. Randy typed his credentials into something without specifying the domain name.