Question

Locked

Failure Audit 680

By Matthew Moss ·
I was going through our security logs on the exchange machine, and I noticed an insane amount of failure audit 680 events. I'm fairly new to the field, so after a few days of troubleshooting, I figured I'd reach out and see if anyone had suggestions.

The error code we're getting is 0xc0000064 - which according to Microsoft documentation means the user account doesn't exist. But the logon accounts that are failing are all actual users we have.

So far, I've tried changing the IIS metabase NtAuthenticationProviders from "NTLM", to "Negotiate, NTLM".

Then, I changed the security settings on a user's outlook to just NTLM authentication.

I also changed the email server settings to "trusted for delegation" on the domain controllers active directory user and computer properties.

No luck. The one thing i may try is applying this hotfix: http://support.microsoft.com/kb/942636

But I wanted to see if anyone else had any other ideas before I moved forward.

Thanks in advance!

Matt

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

It this is only in the logs

by seanferd In reply to Failure Audit 680

and not affecting actual logins, I'd suggest either patching or ignoring it. Affecting logging into accounts or taking up way too much log space? Patch it.

As MS says, it is an incorrect return. Unless the connection attempt are timing out due to actual server load or connectivity problems, it sounds like a good fix.

In the past, I've installed the UPHClean service for a slightly similar problem which occurs when user accounts aren't unloaded correctly at logoff or shutdown.

Collapse -

Thanks!

by Matthew Moss In reply to It this is only in the lo ...

Thanks Sean for the reply. based on your feedback, i'll probably just leave it alone. If it's not broke, don't fix it, i guess. and it's not actually causing any login errors...

Matt

Collapse -

I hear that.

by seanferd In reply to Thanks!

Because you can't be sure what else the patch might do, you may as well leave it alone.

Back to Networks Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums