SOLVED

FailedLogonDescriptionSourceAccountUnknownUser for compromised accounts

Highlighted
Occasional Contributor

Hi Guys,

 

I number of known compromised accounts are showing "FailedLogonDescriptionSourceAccountUnknownUser" login activity against a domain controller, see attached pic.

 

Can anyone explain what this means?

atafailed.png

3 Replies
Highlighted
Best Response confirmed by David McAllister (Occasional Contributor)
Solution

It's a bug. The system tries to find a resource string in the currently set language and failed to find it.

I opened a bug for it. 

Thanks for reporting it!

 

Eli

Highlighted

Also, I am guessing that the string that was planned behind this key is probably saying we saw a failed authentication from an unknown user.

Highlighted

Thanks Eli, interesting to know!

 

If you need anything from me with regards to this please let me know.