Overview[1][2]#
Event 4625 is an Windows Security Log Event within the Microsoft Windows Logging system indicating a Error for Entity AuthenticationEvent 4625 relates closely to the Common Active Directory Bind Errors.
Event 4625 indicates an Authentication Failure has occurred The Windows Logon Sub_Status fields are used to determine details on the logging event.
| Sub-Status Code | Description |
|---|---|
| 0x80090325 | The Certificate Chain was issued by an Trust Anchor (CA) that is not trusted. (Not really part of Authentication Failure) |
| 0XC000005E | There are currently no logon servers available to service the logon request. |
| 0xC0000064 | User logon with misspelled or bad userID |
| 0xC000006A | User logon with misspelled or bad password |
| 0XC000006D | This is either due to a bad username or authentication information (ERROR_LOGON_FAILURE) |
| 0XC000006E | Unknown user name or bad password |
| 0xC000006F | User logon outside authorized hours (ERROR_INVALID_LOGON_HOURS) |
| 0xC0000070 | User logon from unauthorized workstation (ERROR_INVALID_WORKSTATION) |
| 0xC0000071 | User logon with expired password (ERROR_PASSWORD_EXPIRED) |
| 0xC0000072 | User logon with Administratively Disabled UserId |
| 0XC00000DC | Indicates the Sam Server was in the wrong state to perform the desired operation. |
| 0XC0000133 | Clocks between Domain Controller and other computer too far out of sync (Time synchronization) |
| 0XC000015B | The user has not been granted the requested logon type (aka logon right) at this machine (ERROR_INVALID_WORKSTATION) |
| 0XC000018C | The logon request failed because the trust relationship between the primary domain and the trusted domain failed. |
| 0XC0000192 | An attempt was made to logon, but the Netlogon service was not started. |
| 0xC0000193 | User logon with expired account (ERROR_ACCOUNT_EXPIRED) |
| 0XC0000224 | User is required to change password at next logon (ERROR_PASSWORD_MUST_CHANGE) |
| 0XC0000225 | Evidently a bug in Windows and not a risk |
| 0xC0000234 | User logon with AccountLocked (ERROR_ACCOUNT_LOCKED_OUT,Intruder Detection) |
| 0XC00002EE | Failure Reason: An Error occurred during Logon |
| 0XC0000413 | Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine. |
Event 4625 is returned when account was Locked By Intruder for Active Directory Account Lockout
More Information#
There might be more information for this subject on one of the following:- [#1] - 4625(F) An account failed to log on
- based on information obtained 2018-03-27
- [#1] - Windows Security Log Event ID 4624 - based on information obtained 2018-03-27
