AD DC - Error 4625 Status 0x80090308


I recognize a small number of Event 4625 entries with a status of 0x80090308 and substatus 0x0; 2% of all 4625s.

It is basically a failed logon but without any information I could use to look further into it. And that's the point which draws my interest. I don't know what it is and where it comes from. The only common thing is that it comes every time from the same DC, out of four.

With procmon.exe I tried to pin it down to a specific connection from a remote resource (Logon Type 3), but all the connections and actions in that specific timeframe had a successful flag in procmon.

The status code 0x80090308 seems not to be documented anywhere.

Has anyone else come across this error code and have an idea where to look?

Thanks, S-L

An account failed to log on.

Subject:
  Security ID:  NULL SID
   Account Name:  -
   Account Domain:  -
   Logon ID:  0x0
Logon Type:  3
Account For Which Logon Failed:
   Security ID:  NULL SID
   Account Name: 
   Account Domain:  
Failure Information:
   Failure Reason:  An error has occured during logon
   Status:   0x80090308
   Sub Status:  0x0
Process Information:
   Caller Process ID: 0x0
   Caller Process Name: -
Network Information:
   Workstation Name: 
   Source Network Address: -
   Source Port:  -
Detailed Authentication Information:
      Logon Process:  
   Authentication Package: NTLM
   Transited Services: -
   Package Name (NTLM only): -
   Key Length:  0
active-directory
windows-server-2012-r2
windows-event-log
asked on Server Fault Jun 30, 2015 by S-L

0 Answers

Nobody has answered this question yet.
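
Added example, not part of the original question: Python that parses exported 4625 message text in the layout of the event above, reports each Status code's share of all failures, and counts the events that carry neither a workstation name nor a source address. The sample events are constructed, and the function and field-key names are this example's own; values of the form 0x8009xxxx fall in the SSPI HRESULT range of winerror.h (0x80090308 is SEC_E_INVALID_TOKEN there) rather than in the NTSTATUS tables.

```python
import re
# Constructed sample export: two rendered 4625 messages in the layout of the event above.
SAMPLE = """\
An account failed to log on.
Logon Type:  3
Failure Information:
   Status:   0x80090308
Network Information:
   Workstation Name:
   Source Network Address: -
An account failed to log on.
Logon Type:  3
Failure Information:
   Status:   0xC000006D
Network Information:
   Workstation Name: WS01
   Source Network Address: 192.0.2.10
"""
LINE = re.compile(r"^(\s*)([^:]+):\s*(.*)$")
SOURCE = ("Network Information/Workstation Name", "Network Information/Source Network Address")

def parse_events(text):
    """Yield one dict per event; indented fields are keyed 'Section/Field'."""
    for block in text.split("An account failed to log on.")[1:]:
        event, section = {}, ""
        for m in filter(None, map(LINE.match, block.splitlines())):
            indent, name, value = m.group(1), m.group(2).strip(), m.group(3).strip()
            if not indent and not value:
                section = name              # unindented, no value: section header
            else:
                event[f"{section}/{name}" if indent else name] = value
        yield event

def code_family(status):
    """0x8009xxxx is an SSPI HRESULT (facility 9, winerror.h); 0xCxxxxxxx an NTSTATUS error."""
    code = int(status, 16) if status.lower().startswith("0x") else 0
    return "SSPI HRESULT" if code >> 16 == 0x8009 else "NTSTATUS" if code >> 28 == 0xC else "other"

def summarize(events):
    """Per Status: family, count, share of all events, and events with no source fields."""
    events, rows = list(events), {}
    for e in events:
        status = e.get("Failure Information/Status", "missing").lower()
        row = rows.setdefault(status, {"family": code_family(status), "count": 0, "no_source": 0})
        row["count"] += 1
        row["share"] = row["count"] / len(events)
        row["no_source"] += all(e.get(k, "") in ("", "-") for k in SOURCE)
    return rows
```

Running `summarize(parse_events(text))` over the export from each DC separately shows whether the source-less SSPI failures are confined to one controller.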


User contributions licensed under CC BY-SA 3.0