Event-ID 4625 0xC000006E,0xC0000070

Copper Contributor

Hi,

I have come across the following problem several times now. From one day to the next, users can no longer log on to their workstations. Error The user is not authorized to log on to this computer (Event ID 4625,0xC000006E,0xC0000070), but no restrictions apply within the domain. I can't get any further with Troubleshooting. Does anyone here have any tips?

 

It only affects one workstation at a time, the user can log on to all others normally. Nobody can log on to the affected workstation.

 

Windows Server 2016 AD

Clients Win 11 23h2

All GPOs checked

LogonHours checked

 

I'm running out of ideas 

 

Update:

 

What I could find out so far is that all affected workstations had a bsod on shutdown yesterday.

 

*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Unknown bugcheck code (c0000244)
Unknown bugcheck description
Arguments:
Arg1: ffffffffc00002fe
Arg2: 0000000000000000
Arg3: 0000000000000000
Arg4: 0000000000000000

Debugging Details:
------------------


KEY_VALUES_STRING: 1

    Key  : Analysis.CPU.mSec
    Value: 2421

    Key  : Analysis.Elapsed.mSec
    Value: 3083

    Key  : Analysis.IO.Other.Mb
    Value: 0

    Key  : Analysis.IO.Read.Mb
    Value: 0

    Key  : Analysis.IO.Write.Mb
    Value: 0

    Key  : Analysis.Init.CPU.mSec
    Value: 530

    Key  : Analysis.Init.Elapsed.mSec
    Value: 8226

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 95

    Key  : Bugcheck.Code.LegacyAPI
    Value: 0xc0000244

    Key  : Dump.Attributes.AsUlong
    Value: 1008

    Key  : Dump.Attributes.DiagDataWrittenToHeader
    Value: 1

    Key  : Dump.Attributes.ErrorCode
    Value: 0

    Key  : Dump.Attributes.KernelGeneratedTriageDump
    Value: 1

    Key  : Dump.Attributes.LastLine
    Value: Dump completed successfully.

    Key  : Dump.Attributes.ProgressPercentage
    Value: 0

    Key  : Failure.Bucket
    Value: 0xc0000244_nt!PopTransitionSystemPowerStateEx

    Key  : Failure.Hash
    Value: {d7f4a2a5-f9d9-6b4b-d223-f30d1c443f4b}


BUGCHECK_CODE:  c0000244

BUGCHECK_P1: ffffffffc00002fe

BUGCHECK_P2: 0

BUGCHECK_P3: 0

BUGCHECK_P4: 0

FILE_IN_CAB:  121123-5562-01.dmp

ERROR_CODE: (NTSTATUS) 0xc0000244 - { berwachung fehlgeschlagen}  Ein Versuch zur Erzeugung einer Sicherheits berwachung ist fehlgeschlagen.

EXCEPTION_CODE_STR:  c0000244

EXCEPTION_PARAMETER1:  ffffffffc00002fe

EXCEPTION_PARAMETER2:  0000000000000000

EXCEPTION_PARAMETER3:  0000000000000000

EXCEPTION_PARAMETER4: 0

DUMP_FILE_ATTRIBUTES: 0x1008
  Kernel Generated Triage Dump

BLACKBOXBSD: 1 (!blackboxbsd)


BLACKBOXNTFS: 1 (!blackboxntfs)


BLACKBOXPNP: 1 (!blackboxpnp)


BLACKBOXWINLOGON: 1

CUSTOMER_CRASH_COUNT:  1

PROCESS_NAME:  lsass.exe

STACK_TEXT:  
fffff609`ca797398 fffff801`68e9ed3e     : 00000000`0000004c 00000000`c0000244 fffff609`c19b5398 ffffd30a`83556520 : nt!KeBugCheckEx
fffff609`ca7973a0 fffff801`68ea80c5     : fffff609`ca797558 fffff609`ca797479 ffffffff`80004004 00000000`00000000 : nt!PopGracefulShutdown+0x2ce
fffff609`ca797400 fffff801`68ea482c     : 00000000`00000001 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopTransitionSystemPowerStateEx+0x1045
fffff609`ca7974e0 fffff801`6882b8e8     : fffff801`68411b38 fffff609`ca797739 fffff801`6910e240 fffff801`6881c370 : nt!NtSetSystemPowerState+0x4c
fffff609`ca7976b0 fffff801`6881c370     : fffff801`68d87d77 00000000`00000014 00000000`ffffff00 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x28
fffff609`ca797848 fffff801`68d87d77     : 00000000`00000014 00000000`ffffff00 00000000`00000000 ffffffff`ffffffff : nt!KiServiceLinkage
fffff609`ca797850 fffff801`68d88060     : 00000000`00000000 ffffd30a`64ab5cf0 ffffd30a`8df02080 fffff801`6863554f : nt!PopIssueActionRequest+0x223
fffff609`ca797900 fffff801`687608e8     : ffffd30a`8df02000 00000000`00000002 00000000`ffffffff fffff801`6914aac0 : nt!PopPolicyWorkerAction+0x80
fffff609`ca797980 fffff801`68634f85     : ffffd30a`00000001 ffffd30a`8df02080 fffff609`ca797ac0 ffffd30a`64ab5cf0 : nt!PopPolicyWorkerThread+0xa8
fffff609`ca7979c0 fffff801`68707167     : ffffd30a`8df02080 00000000`0000010a ffffd30a`8df02080 fffff801`68634e30 : nt!ExpWorkerThread+0x155
fffff609`ca797bb0 fffff801`6881ba44     : ffff8580`8c680180 ffffd30a`8df02080 fffff801`68707110 00000000`00000246 : nt!PspSystemThreadStartup+0x57
fffff609`ca797c00 00000000`00000000     : fffff609`ca798000 fffff609`ca791000 00000000`00000000 00000000`00000000 : nt!KiStartSystemThread+0x34


SYMBOL_NAME:  nt!PopTransitionSystemPowerStateEx+1045

MODULE_NAME: nt

IMAGE_NAME:  ntkrnlmp.exe

IMAGE_VERSION:  10.0.22621.2792

STACK_COMMAND:  .cxr; .ecxr ; kb

BUCKET_ID_FUNC_OFFSET:  1045

FAILURE_BUCKET_ID:  0xc0000244_nt!PopTransitionSystemPowerStateEx

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {d7f4a2a5-f9d9-6b4b-d223-f30d1c443f4b}

Followup:     MachineOwner

0 Replies