Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 7013 Source: ServiceControlManager

Level
Description
Logon attempt with current password failed with the following error: Logon failure: <error message>.
Comments
 
- Error message: "Unknown user name or bad password" - See ME188641, ME262377, ME241587, ME282456, ME283133 and "JSI Tip 1764" for possible scenarios that may cause this event.
- Error message: "The user has not been granted the requested logon type at this computer" - See ME191328, ME264697, ME272981 and the link to "Trend Micro Support Solution ID: 22630" for details.

If the description reads "The update was paused because the disk is full. Free up disk space to continue crawling the index", see ME925609.
- Error message: "The user has not been granted the requested logon type at this computer" - Investigate the account involved. It may need to be given the "Log on as a service" or "Log on locally” user right.
- Error message: "Unknown user name or bad password" - This event can be ignored when Windows 2000 is started in Active Directory Restore mode.
- Error message: "The trust relationship between this workstation and the primary domain failed" - In one case, this happened after a computer was rebuilt from a Ghost image and rebooted. This was fixed by removing the computer from the domain and rejoining the domain.
We encountered this message when a server is restarted and the password for some service accounts have been changed without updating the service properties. There are several Microsoft articles with information about this event: ME149641, ME171390, ME247720, ME259733, ME314357, and ME327545 for more details.
I had this error for the Exchange 5.5 System Attendant when we attempted to boot a BDC Exchange server with the PDC offline. It was resolved by reselecting the Service account for All Exchange services once the PDC was available (the Service Account selection windows was grayed when the PPDC was off-line). This may have been caused by the simultaneous exposure of a test machine to the live network. This test machine had originally been a BDC on the live domain but had since then been disconnected, promoted to a PDC, renamed, and had the domain name changed.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...