Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 45056 Source: LsaSrv

Logon cache was disabled. Intermittent authentication failures may result during periods of network latency or interrupts. Please contact your system administrator.
This error will occur if the policy "Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available)" is set to '0' in either the Local Security policy or via Group Policy.
This indicates that the cached logons feature in Windows Server 2008 has been disabled, or the Windows Server 2008 number of cached logons (default of 25) was exceeded.

If a domain controller is unavailable and a user's logon information is cached, the user is prompted with the following message:

A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available.
With caching disabled, the user is prompted with this message:

The system cannot log you on now because the domain <DOMAIN_NAME> is not available.

To fix this do one of the following:
1. Enable the Windows Server 2008 cached logons.
2. Increase the Windows Server 2008 number of cached logons from the default of 25

Cached logon information is controlled by the following key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\
ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 - 50

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.