Multiple Login fail events occur on the Control Compliance Suite (CCS) Manager Server with Audit Failure Event ID 4625
The following error is noted in the Windows Event Viewer on the CCS Manager Machine-
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
User: N/A
Computer:
Description:An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name:
Account Domain:
Logon ID:
Logon Type: 2
Account For Which Logon Failed:
Security ID: NULL SID
Account Name:
Account Domain:
Failure Information:
Failure Reason: An Error occurred during Logon.
Status: 0xC0000413
Sub Status: 0x0
Process Information:
Caller Process ID: 0x260c
Caller Process Name:
Windows
The CCS Application Server Certificate subject does not match with the name of the object (CCS AppServer Service user account) that is present in the Active Directory (AD)
The Audit Failure Event (Event ID 4625) issue can be resolved by mapping the certificates to the CCS App server User ID in AD.
Map certificates to CCS Service account in AD for CCS App Server and CCS Manager for component communication without Audit Failures.
Use the following steps to export CCS certificates for CCS components and map them to Active Directory accounts.
Perform these steps on CCS App Server and All CCS Managers
NOTE: These steps will need to be performed on each server hosting the CCS Manager role.
Please note the certificate in step 8 will be unique for CCS Manager role (i.e. CCSManager-%Machine_Name%). It is helpful to store all exported certificate files (.CER) in a folder accessible to the Domain Controller.