Status: 0xC000006D, Logon Type: 4 - This event started being recorded after upgrading a Windows 7 workstation to Windows 10. We found out that a scheduled tasks started failing to authenticate the account used for it. We adjusted the login to match the format used by Windows 10 and the problem was fixed.
(Error 0x803d0013 (-2143485933 WS_W_ENDPOINT_FAULT_RECEIVED) for an instance when this event was recorded due to a misconfigured URI for the Root CA.
Symptom: Access denied on DFS namespace from network. Login needed and error.
Problem: Changed permission on DFSroots (c:\) on server.
Solution: Took ownership on folder and corrected permission.
In one situation, this event was recorded 290 times per day, showing C:\Windows\System32\svchost.exe as the calling process and the admin account as the failing to login due to a wrong password. All the services were configured to run the Local System account. It turned out that the culprit was a batch file scheduled to run every 5 minutes using the Microsoft Task Scheduler. At some point, the admin password was changed and the task started failing at every run attempt. Once the password was updated, the messages stopped.
has some additional comments about this type of event.
I experienced this when running SharePoint WWS 3.0 on Server 2008. Disabling the Loopback check as per the MS knowledge base article did the trick.
From a support forum: "My two DCs was out of sync with date and time - not only out of sync between each other but also compared to the client PC I tried to logon from. Once the time synchronization was fixed, the problem was gone".
From a support forum: "In my case, we changed the administrator password and for some reason the error was gone. Maybe the password changed triggered some other syncs that fixed the issue."
Enabling Kerberos Event Logging as per ME262177
may provide additional information in regards to this event.
If the event description does not contain the user account name, it might be due to a bug in the way Windows handles the use of a smart card to log on to a domain. See ME2157973
for information about a hotfix.
In my case, one host is available from network under few names. It's a web server (Windows 2008, MOSS2007). ME896861
helped (method 1).
See additional information about this event at EV100477
(4625: An account failed to log on).
I get this error after the installation from IE8RC1 on a W8k Server. Botht the problem and the solution are similar with the ones described in ME896861
for information about this event.