Forum

Ultimate Windows Security Forum » Security Log » 680 - Account Used for Logon by » Duplicate Events

Duplicate Events

Rate Topic

Display Mode

Topic Options

Author

Message

jmcelhin

Posted 8/31/2011 12:38:00 PM

Forum Newbie

Group: Forum Members
Last Login: 8/31/2011 12:21:04 PM
Posts: 1, Visits: 1

I am experiencing this problem with both event ID 675 and event ID 680. Occasionally when a user fails to login to the domain there will be two events with the exact same information. The timestamp will show the exact same hour, minute and second. The Event ID is the same, as well as all other information in the event.
This doesn't happen every time a user has a failed login attempt, but it does happen frequently. I see this a few times each day.

My questions are as follows:

1. Why are duplicate events logged?

2. Is there a way to fix this so only one event is logged per incident?

It's a little redundant, but here is an example where two separate events that are logged in the domain controller for a user who attempted to login with an invalid password.

Event 1

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 680
Date: 8/31/2011
Time: 7:57:27 AM
User: NT AUTHORITY\SYSTEM
Computer: MWADC1
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: User
Source Workstation: MWADC1
Error Code: 0xC000006A

Event 2

Post #794

RandyFranklinSmith

Posted 11/14/2011 8:06:38 AM

Expert

Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 329, Visits: 0

Welcome to Windows auditing. Double the events for the same price. I think it is the Windows client in this case thinking that maybe if it asks again it will get a different answer.

Post #837

« Prev Topic | Next Topic »

Permissions

All times are GMT -5:00, Time now is 3:01am

Upcoming Webinars

Tier Zero: What It Is, Its Importance, Its Boundaries, and Detecting Out-of-Bounds Activity

Additional Resources

Home

Forum

User name:
Password:
	/ Forgot?
	Register

Home

About | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2008 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk.