New install of Backup Exec 2014, have installed the Windows Agent on a VMware virtual server. Last 3 nights we have been receiving the following error in the Security Event log:
Event 4625
An account failed to log on.
Subject:
Security ID: SYSTEM
Account Name: <LOCAL SERVER>
Account Domain: <OUR DOMAIN>
Logon ID: 0x3e7
Logon Type: 4
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: <ESX Admin account>
Account Domain:
Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xc000006d
Sub Status: 0xc0000064
Process Information:
Caller Process ID: 0x140
Caller Process Name: C:\Program Files\Symantec\Backup Exec\RAWS\beremote.exe
Network Information:
Workstation Name: <LOCAL SERVER>
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
Here's what I don't get. The <ESX Admin Account> that is being used is setup properly in the Backup Exec Media Server under logon accounts, but it is used for accessing the ESX hosts themselves, not the guest servers. That account exists only on the ESX servers, not as a user account in the local domain. The guest server should be using a domain account setup specially just for the Backup Exec system and that is also setup as the default logon account. This server, <LOCAL SERVER>, is actually backed up at 7PM and displays no errors and is successful. The above error occurs about 4 hours later and no active jobs involving this server are running. I have seen this same issue on 3 other servers, doing the exact same thing. Any ideas on what is going on?
Note that this issue is not preventing jobs from being ran, but it is showing up in our security logs as a failed attempt for a "special access account" and our auditors see this and are questioning why it is happening. This is the reason I need this resolved. Thanks.