Hi
I am seeing lots of credential validation Audit Failures on one of our DC's from various accounts because of bad passwords. However, I have not had reports of lockouts from any of those accounts.
The strange thing is when I enable netlogon debug, the debug log does not show any errors and I see the accounts successfully validating credentials for the exact same timestamp.
Can anyone advise why these errors are been generated in the event log?
Example
Event log
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: svc_xxxxxx_emea
Source Workstation: xxxxxxxPT01
Error Code: 0xC000006A
10/28/2020 11:49:06 AM
Debug log
10/28 11:49:06 [LOGON] [7904] domainname: SamLogon: Transitive Network logon of domain\svc_xxxxxxx_emea from xxxxxxxPT01 (via E01WPBSSQ01) Entered
10/28 11:49:06 [LOGON] [7904] domainname: SamLogon: Transitive Network logon of domain\svc_xxxxxx_emea from xxxxxxxPT01 successfully handled on DC(UseHub is FALSE).
10/28 11:49:06 [LOGON] [7904] domainname: SamLogon: Transitive Network logon of domain\svc_xxxxxx_emea from xxxxxxxPT01 (via xxxxxxxSQ01) Returns 0x0
thanks in advance