EventID 4771 Audit Failure Kerberos... Expand / Collapse
Author
Message
Posted 1/3/2017 8:52:23 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 12/30/2016 3:01:09 PM
Posts: 1, Visits: 0
We had an administrative user leave the company, but I still get logon failures every minute. having a fabulous time trying to narrow down the Application or Service that is trying to run under this disabled user's credentials. I have combed through the list of Services and do not see one that is running under the mystery account. I have enabled auditing of failed authentications, but this does not give any clues as to what Application or Service is making the call. Any suggestions as to the best way to target the App that is making the calls so that I can update the security context etc?
Post #7304
Posted 1/23/2017 6:54:16 PM
Supreme Being

Supreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme BeingSupreme Being

Group: Moderators
Last Login: 11/14/2013 3:17:47 PM
Posts: 196, Visits: 0
Have you identified the workstation that the login failures are originating from? I would start by looking at the 4771 client address.
Post #7310
« Prev Topic | Next Topic »


Permissions Expand / Collapse

All times are GMT -5:00, Time now is 12:35pm