Event fires during patch application? Expand / Collapse
Author
Message
Posted 7/22/2009 12:00:54 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 7/22/2009 2:03:12 PM
Posts: 1, Visits: 5
Hello,

We have some alerts setup to fire when event 4776 shows up. The problem is that we have noticed that when some patches or service packs get applied, that this alert will show up multiple times from the domain controller.  What gives with this?

Here are examples:

Jul 21 21:25:56 10.1.113.225 MSWinEventLog 1 Security 4380641 Tue Jul 21 21:25:53 2009 4776 Microsoft-Windows-Security-Auditing N/A N/A Information domaincontroller.contoso.com None The domain controller attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: Administrator Source Workstation: MEMBER-SERVER Error Code: 0xc0000064 4379795

When I hop onto "MEMBER-SERVER", I will see events like this:

Event Type: Information
Event Source: NtServicePack
Event Category: None
Event ID: 4371
Date:  7/21/2009
Time:  9:09:15 PM
User:  MEMBER-SERVER\Administrator
Computer: MEMBER-SERVER
Description:
Windows Server 2003 Service Pack 2 was installed (Service Pack 1 was previously installed).

(Ignore the differing timestamps; I just grabbed two separate examples).

 

Thoughts?


Post #139
Posted 7/24/2009 9:42:42 AM
Expert

ExpertExpertExpertExpertExpertExpertExpertExpert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0
For one thing you need to look at the failure code on this event.  C0000064 means user name does not exist as documented for 4776 in my encyclopedia. As to why it's being cause I can't say for sure...
Post #145
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 10:50pm