Security Event 681

Article ID : 273499 Last Review : September 23, 2003 Revision : 3.0

When auditing logon events on a Windows 2000-based domain controller (DC) and
a failed logon attempt is made from a down-level client or
through a trust with a down-level domain, a "Failure Audit" event with an event ID of 681 may be logged in the Security Event log, the source of the event is "Security".

Error codes in the Event Log message are shown in decimal , but they should be intrepreted as hexadecimal values.

common error codes:

Error Code Hex User logon...
3221225572 C0000064 with misspelled or bad user account
…5578 …06A with misspelled or bad password
…5581 …06D has incorrect user name
…5583 …06F outside authorized hours
…5584 …070 from unauthorized workstation
…5585 …071 with expired password
…5586 …072 to account disabled by administrator
…5875 …193 with expired account
…6020 …224 with "Change Password at Next Logon" flagged
…6036 …234 with account locked

Error Code	Hex	User logon...
3221225572	C0000064	with misspelled or bad user account
…5578	…06A	with misspelled or bad password
…5581	…06D	has incorrect user name
…5583	…06F	outside authorized hours
…5584	…070	from unauthorized workstation
…5585	…071	with expired password
…5586	…072	to account disabled by administrator
…5875	…193	with expired account
…6020	…224	with "Change Password at Next Logon" flagged
…6036	…234	with account locked

kbinfo KB273499

previously published under Q273499

http://support.microsoft.com/kb/273499/en-us

Dont do it

Security Event 681

Keywords: