jspωiki
Event 4625

Overview[1][2]#

Event 4625 is an Windows Security Log Event within the Microsoft Windows Logging system indicating a Error for Entity Authentication

Event 4625 relates closely to the Common Active Directory Bind Errors.

Event 4625 indicates an Authentication Failure has occurred The Windows Logon Sub_Status fields are used to determine details on the logging event.

Sub-Status CodeDescription
0x80090325The Certificate Chain was issued by an Trust Anchor (CA) that is not trusted. (Not really part of Authentication Failure)
0XC000005EThere are currently no logon servers available to service the logon request.
0xC0000064User logon with misspelled or bad userID
0xC000006AUser logon with misspelled or bad password
0XC000006DThis is either due to a bad username or authentication information (ERROR_LOGON_FAILURE)
0XC000006EUnknown user name or bad password
0xC000006FUser logon outside authorized hours (ERROR_INVALID_LOGON_HOURS)
0xC0000070User logon from unauthorized workstation (ERROR_INVALID_WORKSTATION)
0xC0000071User logon with expired password (ERROR_PASSWORD_EXPIRED)
0xC0000072User logon with Administratively Disabled UserId
0XC00000DCIndicates the Sam Server was in the wrong state to perform the desired operation.
0XC0000133Clocks between Domain Controller and other computer too far out of sync (Time synchronization)
0XC000015BThe user has not been granted the requested logon type (aka logon right) at this machine (ERROR_INVALID_WORKSTATION)
0XC000018CThe logon request failed because the trust relationship between the primary domain and the trusted domain failed.
0XC0000192An attempt was made to logon, but the Netlogon service was not started.
0xC0000193User logon with expired account (ERROR_ACCOUNT_EXPIRED)
0XC0000224User is required to change password at next logon (ERROR_PASSWORD_MUST_CHANGE)
0XC0000225Evidently a bug in Windows and not a risk
0xC0000234User logon with AccountLocked (ERROR_ACCOUNT_LOCKED_OUT,Intruder Detection)
0XC00002EEFailure Reason: An Error occurred during Logon
0XC0000413Logon Failure: The machine you are logging onto is protected by an authentication firewall. The specified account is not allowed to authenticate to the machine.

Event 4625 is returned when account was Locked By Intruder for Active Directory Account Lockout

More Information#

There might be more information for this subject on one of the following: