Source: Service Control Manager
Logon attempt with current password failed with the following error: Logon failure: <error message>.
Concepts to understand:
What is the role of the Service Control Manager?
- Error message: "Unknown user name or bad password" - See ME188641, ME262377, ME241587, ME282456, ME283133 and "JSI Tip 1764" for possible scenarios that may cause this event.
- Error message: "The user has not been granted the requested logon type at this computer" - See ME191328, ME264697, ME272981 and the link to "Trend Micro Support Solution ID: 22630" for details.
If the description reads "The update was paused because the disk is full. Free up disk space to continue crawling the index", see ME925609.
- Error message: "The user has not been granted the requested logon type at this computer" - Investigate the account involved. It may need to be given the "Log on as a service" or "Log on locally" user right.
- Error message: "Unknown user name or bad password" - This event can be ignored when Windows 2000 is started in Active Directory Restore mode.
- Error message: "The trust relationship between this workstation and the primary domain failed" - In one case, this happened after a computer was rebuilt from a Ghost image and rebooted. This was fixed by removing the computer from the domain and rejoining the domain.
We encountered this message when a server was restarted and the passwords for some service accounts had been changed without updating the service properties. There are several Microsoft articles with information about this event: ME149641, ME171390, ME247720, ME259733, ME314357, and ME327545.
I had this error for the Exchange 5.5 System Attendant when we attempted to boot a BDC Exchange server with the PDC offline. It was resolved by reselecting the service account for all Exchange services once the PDC was available (the service account selection window was grayed out when the PDC was offline). This may have been caused by the simultaneous exposure of a test machine to the live network. This test machine had originally been a BDC on the live domain but had since then been disconnected, promoted to a PDC, renamed, and had the domain name changed.
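A triage sketch for the scenarios described in the comments above (a changed service account password, or an account missing a logon right). This is an added example, not part of the original page or its comments. The 7-day window and variable names are assumptions, and the message match assumes an English-language system.

```powershell
# Added example: group Service Control Manager logon failures by error text,
# then list the services that run under named accounts so their stored
# credentials and user rights can be reviewed.
$since   = (Get-Date).AddDays(-7)                 # assumed look-back window
$pattern = 'Logon attempt with current password failed'

# 1. Matching events from the System log (message text is localized;
#    this match assumes the English description quoted on this page).
$failures = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    StartTime    = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$pattern*" }

# 2. Summarize by the error that follows "following error:" in the description.
$failures | ForEach-Object {
    $text = $_.Message -replace '\s+', ' '
    [pscustomobject]@{
        TimeCreated = $_.TimeCreated
        Error       = if ($text -match 'following error:\s*(.+)$') { $Matches[1].Trim() } else { $text }
    }
} | Group-Object Error |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group.TimeCreated | Measure-Object -Maximum).Maximum } } |
    Format-Table -AutoSize

# 3. Services whose logon account is not a built-in or virtual identity.
#    These are the ones affected when an account password is changed
#    without updating the service properties.
$builtin = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -and
        ($builtin -notcontains $_.StartName) -and
        ($_.StartName -notlike 'NT SERVICE\*')
    } |
    Sort-Object StartName, Name |
    Select-Object Name, DisplayName, StartName, StartMode, State |
    Format-Table -AutoSize
```

Services in step 3 that are set to start automatically but are stopped are the first candidates to check against the errors summarized in step 2.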
Links: ME149641, ME171390, ME188641, ME191328, ME241587, ME247720, ME259733, ME262377, ME264697, ME272981, ME282456, ME283133, ME314357, ME327545, ME925609, Trend Micro Support Solution ID: 22630, JSI Tip 1764, MSW2KDB