Windows Security Log Event ID 4776
Operating Systems Windows Vista
Windows Server 2008
Category
 • Subcategory
Account Logon
 • Credential Validation
Type Success
Failure
Corresponding events
in Windows 2003
and before
680 , 681  
Discussions on Event ID 4776
Successful Logon then 4776 Failure?
4776 error code 0xc0000371
How can i retrieve the domain of a user?
Event fires during patch application?

4776: The domain controller attempted to validate the credentials for an account

On this page

Despite what this event says, the computer is not necessarily a domain controller; member servers and workstations also log this event for logon attempts with local SAM accounts.

When a domain controller successfully authenticates a user via NTLM (instead of Kerberos), the DC logs this event. This specifies which user account who logged on (Account Name) as well as the client computer's name from which the user initiated the logon in the Workstation field.

For Kerberos authentication see event 4768, 4769 and 4771.

This event is also logged on member servers and workstations when someone attempts to logon with a local account. 

Authentication Package: Always "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"

Logon Account: name of the account

Source Workstation: computer name where logon attempt originated

Error Code:

C0000064 user name does not exist
C000006A user name is correct but the password is wrong
C0000234 user is currently locked out
C0000072 account is currently disabled
C000006F user tried to logon outside his day of week or time of day restrictions
C0000070 workstation restriction
C0000193 account expiration
C0000071 expired password
C0000224 user is required to change password at next logon
C0000225 evidently a bug in Windows and not a risk

Top 10 Windows Security Events to Monitor

The domain controller attempted to validate the credentials for an account.

Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: administrator
Source Workstation: WIN-R9H529RIO4Y
Error Code: 0xc0000064

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this



Training for the Windows Security Log