Failure in Exchange Event Log

BrentStobbs · ‎Jun 07 2020

Can anyone help me with some ideas on how to track this down?

I am getting several Audit Failures every minute on my Exchange Server. This is the event log entry:

An account failed to log on.

Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: <Name of Exchange Server>$
Account Domain: <Correct Domain>

Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xC000006D
Sub Status: 0x0

Process Information:
Caller Process ID: 0x0
Caller Process Name: -

Network Information:
Workstation Name: <Name of Exchange Server>
Source Network Address: <Correct IP Address of Exchange Server>
Source Port: 6476 <Seems to be random>

Detailed Authentication Information:
Logon Process:
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

The exchange server seems to be working okay, but I want to eliminate these failures but cannot track them down.

BemmelenPatrick · ‎Jun 16 2020

Hello Brent, I have seen this once when IPv6 was disabled on an Exchange server. NTLM requests didn't got through after this was disabled. Is this the case on your Exchange server?

BrentStobbs · ‎Jun 16 2020

@BemmelenPatrick Hi, Thanks for your reply, unfortunately this is not it as IPv6 is enabled.

cmajewski · ‎Dec 16 2020

@BrentStobbs

Ever find a solution to this?

BrentStobbs · ‎Dec 16 2020

No I'm afraid I haven't resolved this one yet.

Failure in Exchange Event Log

Failure in Exchange Event Log

RE: Failure in Exchange Event Log

RE: Failure in Exchange Event Log

RE: Failure in Exchange Event Log

RE: Failure in Exchange Event Log

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Failure in Exchange Event Log