My questions are as follows:
1. Why are duplicate events logged?
2. Is there a way to fix this so only one event is logged per incident?
It's a little redundant, but here is an example where two separate events that are logged in the domain controller for a user who attempted to login with an invalid password.
Event 1
Event Type: Failure AuditEvent Source: SecurityEvent Category: Account Logon Event ID: 680Date: 8/31/2011Time: 7:57:27 AMUser: NT AUTHORITY\SYSTEMComputer: MWADC1Description:Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon account: User Source Workstation: MWADC1 Error Code: 0xC000006A
Event 2