Some events (628 and 644) of a Windows 2003 are coming in with an empty Message field.

ex:

LogName=Security
SourceName=Security
EventCode=628
EventType=8
Type=Success Audit
ComputerName=server1
User=userx
Sid=S-1-5-21-1805228463-3643871152-3900399489-27398
SidType=1
Category=7
CategoryString=Account Management
RecordNumber=665178237
Message=

However, other events such as 680, 540, 538, 672, 836, 837 are logging correctly.

ex:

LogName=Security
SourceName=Security
EventCode=680
EventType=16
Type=Failure Audit
ComputerName=server1
User=SYSTEM
Sid=S-1-5-18
SidType=5
Category=9
CategoryString=Account Logon
RecordNumber=6651ff787
Message=Logon attempt by:   MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Logon account:  hosta$

Source Workstation: \\hosta

Error Code: 0xC0000199

It is normal?