I had this error crop up with a companion error in the system log: The Security System detected an authentication error for the server cifs/FQDNservername. The failure code from authentication protocol Kerberos was "The referenced account is currently disabled and may not be logged on to.(0xc0000072)".
Turned out to be a user on a Terminal Server who'd been let go by the company, whose account had been deactivated. Their session was still running. Once I logged off the user using TS Manager, all was well.
Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.
Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.