FailedLogonDescriptionSourceAccountUnknownUser for compromised accounts

Occasional Contributor

Hi Guys,


I number of known compromised accounts are showing "FailedLogonDescriptionSourceAccountUnknownUser" login activity against a domain controller, see attached pic.


Can anyone explain what this means?


3 Replies
best response confirmed by David McAllister (Occasional Contributor)

It's a bug. The system tries to find a resource string in the currently set language and failed to find it.

I opened a bug for it. 

Thanks for reporting it!



Also, I am guessing that the string that was planned behind this key is probably saying we saw a failed authentication from an unknown user.

Thanks Eli, interesting to know!


If you need anything from me with regards to this please let me know.