Skip navigation

JSI Tip 3207. Windows 2000 Audit Event Id 681 error codes?

In tips 0264, 0441, and 0749, I described Audit Event Ids.

When a down-level client fails a logon attempt, Windows 2000 generates Event Id 681 on the Windows 2000 domain controller.

NOTE: This also happens through a trust to a down-level domain.

The source of the event is Security. These events contain error codes which I will describe.

NOTE: The error codes in the Security Event log message are displayed in decimal.

Error Code     Hexadecimal    
Error Code    
3221225572       C0000064     User logon with misspelled or bad user account    
3221225578       C000006A     User logon with misspelled or bad password    
3221225583       C000006F     User logon outside authorized hours    
3221225584       C0000070     User logon from unauthorized workstation    
3221225585       C0000071     User logon with expired password    
3221225586       C0000072     User logon to account disabled by administrator    
3221225875       C0000193     User logon with expired account    
3221226020       C0000224     User logon with "Change Password at Next Logon" flagged    
3221226036       C0000234     User logon with account locked    

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.