4649: A replay attack was detected
On this page
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
Your entire Windows Event Collection environment on a single pane of glass.
Free.
A replay attack was detected.
Subject: Security ID: %1 Account Name: %2 Account Domain: %3 Logon ID: %4 Credentials Which Were Replayed: Account Name: %5 Account Domain: %6 Process Information: Process ID: %12 Process Name: %13 Network Information: Workstation Name: %10 Detailed Authentication Information: Request Type: %7 Logon Process: %8 Authentication Package: %9 Transited Services: %11
This event indicates that a Kerberos replay attack was detected- a request was received twice with identical information. This condition could be caused by network misconfiguration.
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection
Go To Event ID: Must be a 1-5 digit number No such event ID
Security Log Quick Reference Chart Download now!