Are you a member of the Splunk Community?
- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Security
- :
- what does it mean status =0xc000006d and sub statu...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
could any one suggest me how can I take this problem. Actually I have been working on PCI in Splunk tool. so recently I am able to see these messages leads the user got failed many times in this Splunk. many events has generated related to this message.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is that from a 4625 Windows Security event?
The below list is all the published status codes, but there is no "6D" status.
Are you able to share a complete event?
0xC0000064 user name does not exist
0xC000006A user name is correct but the password is wrong
0xC0000234 user is currently locked out
0xC0000072 account is currently disabled
0xC000006F user tried to logon outside his day of week or time of day restrictions
0xC0000070 workstation restriction, or Authentication Policy Silo violation (look for event ID 4820 on domain controller)
0xC0000193 account expiration
0xC0000071 expired password
0xC0000133 clocks between DC and other computer too far out of sync
0xC0000224 user is required to change password at next logon
0xC0000225 evidently a bug in Windows and not a risk
0xc000015b The user has not been granted the requested logon type (aka logon right) at this machine
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have been observing on 4625 event codes in the splunk for PCI dashboard. so in that incidents I am able to see why the user got failed and failure reason showing like:
Failure Information:
Failure Reason: An Error occured during Logon.
Status: 0xc000006d
Sub Status: 0x0
so how could I take this please give me reason what exactly about failure.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is that from a 4625 Windows Security event?
The below list is all the published status codes, but there is no "6D" status.
Are you able to share a complete event?
0xC0000064 user name does not exist
0xC000006A user name is correct but the password is wrong
0xC0000234 user is currently locked out
0xC0000072 account is currently disabled
0xC000006F user tried to logon outside his day of week or time of day restrictions
0xC0000070 workstation restriction, or Authentication Policy Silo violation (look for event ID 4820 on domain controller)
0xC0000193 account expiration
0xC0000071 expired password
0xC0000133 clocks between DC and other computer too far out of sync
0xC0000224 user is required to change password at next logon
0xC0000225 evidently a bug in Windows and not a risk
0xc000015b The user has not been granted the requested logon type (aka logon right) at this machine
Community Content Calendar, September edition
Splunkbase Unveils New App Listing Management Public Preview
Leveraging Automated Threat Analysis Across the Splunk Ecosystem
