Event Id 680

Posted on  by



Monitor unlimited number of servers
Filter log events
Create email and web-based reports

  1. Cancellation Policy: To receive a refund, a cancellation request must be received one week prior to the beginning date of the program.
  2. Event ID 680 - Account Used for Logon by When a user is successfully authenticated via NTML instead of Kerberos authentication, event ID 680 is logged. This log data gives the following information.

Learn what other IT pros think about the 680 Failure Audit event generated by Security. Get answers to your event log question in minutes. Security Failure Audit: 680 - Windows Events - Spiceworks.

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Security
Success Audit
680
Account Used for Logon by: <authentication package>
Account Name:
<user name>
Workstation:
<computer name>
Security
Failure Audit
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: <account>
Source Workstation: <workstation>
Error Code: <error code>.

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Event Id 6804

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Comments for event ID 680 currently in the processing queue.

Note: We have not reviewed this information yet so it is unfiltered, exactly how it was submitted by our contributors.

Event Id 680
Event ID: 680
Event Source: security
Event Type: Error
Event Description: While logging via remote desktop
Comment:
Event
Event ID: 680
Event Source: workstation
Event Type: Error
Event Description: error Code: 0xC000006A
Comment:

Event Id 6801

Event ID: 680
Event Source: Security
Event Type: -
Event Description: -
Comment: In my case vas Sophos Update accont lockout Index: 2267
Event ID: 680
Event Source: Security
Event Type: -
Event Description: -
Comment: According Microsoft knowledge base article 189541, the errors you most likely receive are:
0xC0000234 User logon with Account Locked
0xC000006A User logon with Misspelled or bad Password
0xC0000072 User logon to account disabled by Administrator
0xC0000193 User logon with Expired Account
0xC0000070 User logon from unauthorized workstation
0xC000006F User logon Outside authorized hours
0xC0000224 User logon with 'Change Password at Next Logon' flagged
0xC0000071 User logon with Expired Password
0xC0000064 User logon with Misspelled or Bad User Account Index: 2267
Event ID: 680
Event Source: Security
Event Type: -
Event Description: -
Comment: 680 can also be a Failure Audit and that is not addressed here, but should be. I'm getting Failure Audits with Event ID 680 and Error code 0xC000006A. I'd like to know the cause and the fix. Index: 8

Event Id 6803

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Event Id 6801 Adsync

Event

Event Id 6803

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.