We are constantly receiving event log errors that the authenticated account we use with Arcserve has a bad password or something. I have 10 servers with Arcserve installed on it and 5 of them are reporting this error at the top of every hour. They all use the same authentication account.12/07/2011 09:00:34 AMLogName=SecuritySourceName=Microsoft Windows security auditing. EventCode=4625 EventType=0 Type=Information ComputerName=SERVERDC3.OurDomain.local TaskCategory=Logon OpCode=Info RecordNumber=70984967 Keywords=Audit Failure Message=An account failed to log on. Subject: Security ID:S-1-5-18 Account Name:SERVERC3$ Account Domain: OurDomain Logon ID:0x3e7 Logon Type:4 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name:causer Account Domain: SERVERDC3 Failure Information: Failure Reason: Unknown user name or bad password. Status: 0xc000006d Sub Status: 0xc0000064 Process Information: Caller Process ID: 0x1434 Caller Process Name: C:\Program Files\CA\SharedComponents\ARCserve Backup\UniAgent\UnivAgent.exe Network Information: Workstation Name: SERVERDC3 Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. ===== next error for the same server: 12/07/2011 09:00:34 AM LogName=SecuritySource Name=Microsoft Windows security auditing. EventCode=4776 EventType=0 Type=Information ComputerName=SERVERDC3.OurDomain.local TaskCategory=Credential Validation OpCode=Info RecordNumber=70984966 Keywords=Audit FailureMessage=The computer attempted to validate the credentials for an account. Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Logon Account: causer Source Workstation: SERVERDC3 Error Code: 0xc0000064
We have multiple servers with Arcserve, this error is occuring on a number of the servers, but not all of them.
The account used is a domain authenticated account and is used for all the servers with Arcserve installed. So we're trying to identify why this error is occuring. Version of ARCserve and OS: OS is Windows server 2008 R2 with SP1, Arcserve version is 15R build 6222 Any suggestions are appreciated. Roger
|