Failure Audit 680

Question

Creator

Topic
June 12, 2010 at 10:30 am #2213509

Failure Audit 680

Locked

by matthew moss · about 13 years, 3 months ago

I was going through our security logs on the exchange machine, and I noticed an insane amount of failure audit 680 events. I’m fairly new to the field, so after a few days of troubleshooting, I figured I’d reach out and see if anyone had suggestions.

The error code we’re getting is 0xc0000064 – which according to Microsoft documentation means the user account doesn’t exist. But the logon accounts that are failing are all actual users we have.

So far, I’ve tried changing the IIS metabase NtAuthenticationProviders from “NTLM”, to “Negotiate, NTLM”.

Then, I changed the security settings on a user’s outlook to just NTLM authentication.

I also changed the email server settings to “trusted for delegation” on the domain controllers active directory user and computer properties.

No luck. The one thing i may try is applying this hotfix: http://support.microsoft.com/kb/942636

But I wanted to see if anyone else had any other ideas before I moved forward.

Thanks in advance!

Matt

This conversation is currently closed to new comments.
Creator

Topic

All Answers

Author

Replies
- June 12, 2010 at 10:30 am #3027734
  
  Clarifications
  
  by matthew moss · about 13 years, 3 months ago
  
  In reply to Failure Audit 680
  
  Clarifications
- June 12, 2010 at 5:47 pm #3027683
  
  It this is only in the logs
  
  by seanferd · about 13 years, 3 months ago
  
  In reply to Failure Audit 680
  
  and not affecting actual logins, I’d suggest either patching or ignoring it. Affecting logging into accounts or taking up way too much log space? Patch it.
  
  As MS says, it is an incorrect return. Unless the connection attempt are timing out due to actual server load or connectivity problems, it sounds like a good fix.
  
  In the past, I’ve installed the UPHClean service for a slightly similar problem which occurs when user accounts aren’t unloaded correctly at logoff or shutdown.
  - June 14, 2010 at 9:16 am #3027430
    
    Thanks!
    
    by matthew moss · about 13 years, 3 months ago
    
    In reply to It this is only in the logs
    
    Thanks Sean for the reply. based on your feedback, i’ll probably just leave it alone. If it’s not broke, don’t fix it, i guess. and it’s not actually causing any login errors…
    
    Matt
    - June 14, 2010 at 12:34 pm #3025613
      
      I hear that.
      
      by seanferd · about 13 years, 3 months ago
      
      In reply to Thanks!
      
      Because you can’t be sure what else the patch might do, you may as well leave it alone. 😉
Author

Replies

Viewing 1 reply thread

Start a Discussion

Start New Discussion

Natural and man-made disasters can jeopardize the operations and future of any company today. Hurricanes, earthquakes and terrorist or cyberattacks are just a few examples of potentially crippling threats. As a result, the development of a disaster recovery plan is a must to ensure ongoing business processes in the wake of a crisis situation. This ...

Keeping all the various moving parts of a business running smoothly and on time requires a well-organized individual who can see the final goal of a project, develop a path to reach that goal and communicate the path that must be followed to all the individuals and teams working to bring that final goal to ...

SSL certificates are essential for encrypting traffic between systems such as clients, which access servers via web browsers or applications that communicate with remote systems. Certificates protect client and server data, commonly involving confidential information such as credit card details or social security numbers. The purpose of this SSL Certificate Best Practices Policy from TechRepublic ...

Networks

Question

Failure Audit 680

All Answers

Clarifications

It this is only in the logs

Thanks!

I hear that.

Power Checklist: Building Your Disaster Recovery Plan

Hiring Kit: Project Manager

SSL Certificate Best Practices Policy

Mobile Device Computing Policy