PDQ generates event ID 4625 on some Computers repeatedly

We use PDQ on about 300+ computers. I've set up event ID monitoring recently and in came a flood of 5000+ emails for invalid logon attempts to workstations with Event ID 4625. The event references the PDQ server by the machine account attempting to connect. We don't have any issues with PDQ working, the scan account is set up as an AD account, but there are thousands of these logs every day.

They are all on the domain, they are all trusted, there are no issues on the domain side. The PDQ server should not be trying to authenticate with the workstation using the machine name.

The description for Event ID 4625 from source Microsoft-Windows-Security-Auditing cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

EV_RenderedValue_0.00
-
-
0
EV_RenderedValue_4.00
CHV19PDQ$ <-------Server Name
O.xxxxxxxxORG <----- Domain
3221225819
%%2308
0
3
Kerberos
Kerberos
-
-
-
0
0
-
10.30.0.20
59834

The handle is invalid

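Added example, not part of the original post: the values pasted above are the unrendered insertion strings of event 4625 in their EventData order, so a monitoring pipeline can map them to field names, decode the decimal status (3221225819 is 0xC000015B, STATUS_LOGON_TYPE_NOT_GRANTED) and count failures per account and source before alerting. The function names, the `EXAMPLE.ORG` domain and the placeholder SIDs are assumptions; the sample record is constructed from the values in the post.

```python
from collections import Counter

# EventData order of Security event 4625 (21 positional values).
FIELDS_4625 = [
    "SubjectUserSid", "SubjectUserName", "SubjectDomainName", "SubjectLogonId",
    "TargetUserSid", "TargetUserName", "TargetDomainName", "Status",
    "FailureReason", "SubStatus", "LogonType", "LogonProcessName",
    "AuthenticationPackageName", "WorkstationName", "TransmittedServices",
    "LmPackageName", "KeyLength", "ProcessId", "ProcessName",
    "IpAddress", "IpPort",
]
# Subset of NTSTATUS codes commonly seen in 4625 Status/SubStatus.
NTSTATUS = {
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               10: "RemoteInteractive"}

def parse_4625(values):
    """Map unrendered positional values to named, decoded fields."""
    if len(values) != len(FIELDS_4625):
        raise ValueError(f"expected {len(FIELDS_4625)} values, got {len(values)}")
    ev = dict(zip(FIELDS_4625, (v.strip() for v in values)))
    for key in ("Status", "SubStatus"):
        code = int(ev[key], 0)  # decimal in the alert text; hex also accepted
        ev[key] = f"0x{code:08X}"
        ev[key + "Name"] = NTSTATUS.get(code, "unmapped") if code else "none"
    ev["LogonTypeName"] = LOGON_TYPES.get(int(ev["LogonType"]), "other")
    ev["MachineAccount"] = ev["TargetUserName"].endswith("$")
    return ev

def triage(events):
    """Count failures per (account, source IP, status, logon type)."""
    counts = Counter()
    for values in events:
        ev = parse_4625(values)
        counts[(ev["TargetUserName"], ev["IpAddress"],
                ev["StatusName"], ev["LogonTypeName"])] += 1
    return counts

# Constructed sample modeled on the post; SIDs and domain are placeholders.
SAMPLE = [
    "S-1-0-0", "-", "-", "0", "S-1-0-0", "CHV19PDQ$", "EXAMPLE.ORG",
    "3221225819", "%%2308", "0", "3", "Kerberos", "Kerberos", "-", "-", "-",
    "0", "0", "-", "10.30.0.20", "59834",
]
```

Grouping on the decoded tuple turns thousands of identical alerts into one line per account, source and failure reason, which is the unit worth alerting on.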