Nov 13 2018
- last edited on
Nov 30 2021
I number of known compromised accounts are showing "FailedLogonDescriptionSourceAccountUnknownUser" login activity against a domain controller, see attached pic.
Can anyone explain what this means?
Nov 13 2018 06:46 AMSolution
It's a bug. The system tries to find a resource string in the currently set language and failed to find it.
I opened a bug for it.
Thanks for reporting it!
Nov 13 2018 06:48 AM
Also, I am guessing that the string that was planned behind this key is probably saying we saw a failed authentication from an unknown user.
Nov 13 2018 07:41 AM
Thanks Eli, interesting to know!
If you need anything from me with regards to this please let me know.