I have set up a new Windows Server R2 domain and the servers are in a remote location that are entirely managed and run via Remote desktop. The account that I am using a Domain admin account and I am able to log int remotely and manage the domain. I want to create new accounts that can log in, but I keep getting an error that I have listed below and note that the passwords and usernames do exist and we are typing them properly:
Unknown username or bad password:
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 6/29/2010 2:57:47 PM
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer: DC1.vnet.corp
Description:
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: DC1$
Account Domain: VNET
Logon ID: 0x3e7
Logon Type: 10
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: <acct changed for security>
Account Domain: VNET.CORP
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc000006a
Process Information:
Caller Process ID: 0xefc
Caller Process Name: C:\Windows\System32\winlogon.exe
Network Information:
Workstation Name: DC1
Source Network Address: 10.10.11.36
Source Port: 1413
Detailed Authentication Information:
Logon Process: User32
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The
most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the
system requested the logon.
The Network Information fields indicate where a remote logon request
originated. Workstation name is not always available and may be left blank
in some cases.
The authentication information fields provide detailed information about
this specific logon request.
- Transited services indicate which intermediate services have participated
in this logon request.
- Package name indicates which sub-protocol was used among the NTLM
protocols.
- Key length indicates the length of the generated session key. This will
be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing"
Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12544</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2010-06-29T18:57:47.614777300Z" />
<EventRecordID>7710090</EventRecordID>
<Correlation />
<Execution ProcessID="496" ThreadID="3532" />
<Channel>Security</Channel>
<Computer>DC1.vnet.corp</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">DC1$</Data>
<Data Name="SubjectDomainName">VNET</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName"><acct changed for security></Data>
<Data Name="TargetDomainName">VNET.CORP</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc000006a</Data>
<Data Name="LogonType">10</Data>
<Data Name="LogonProcessName">User32 </Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">DC1</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0xefc</Data>
<Data Name="ProcessName">C:\Windows\System32\winlogon.exe</Data>
<Data Name="IpAddress">10.10.11.36</Data>
<Data Name="IpPort">1413</Data>
</EventData>
</Event>
Bookmarks