IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

what is the difference between Failure Audit: An account failed to log on and Failure Audit: The domain controller failed to validate the credentials for an account

  • 1.  what is the difference between Failure Audit: An account failed to log on and Failure Audit: The domain controller failed to validate the credentials for an account

    Posted Fri January 24, 2020 09:02 AM
    Hi All,

    while analyzing failure logs for an user I found out two different failure logs,
    Failure Audit: An account failed to log on
    Failure Audit: The domain controller failed to validate the credentials for an account

    can some one say what is the difference between these two failure events.

    ------------------------------
    Shyam Sundar
    ------------------------------


  • 2.  RE: what is the difference between Failure Audit: An account failed to log on and Failure Audit: The domain controller failed to validate the credentials for an account

    Posted Sat January 25, 2020 06:07 AM
    Failure Audit: An account failed to log on
    This event is generated simply when a user fails to login because of a wrong username or password. 

    Failure Audit: The domain controller failed to validate the credentials for an account
    This event is generated because of the following resons:
    1) When a domain controller successfully authenticates a user via NTLM (instead of Kerberos), the DC logs this event.
    2) Member servers and workstations also log this event for failed logon attempts with local SAM accounts.



    ------------------------------
    Talal Ansari
    ------------------------------

    Original Message


Related Content