-
Title
Event ID 4625 displayed in the Event Logs -
Description
You may have noticed that when connecting to an Active Roles service via Management Shell using the ‘Get-Credential’ cmdlet and the service is located on an untrusted domain, Events with the ID 4625 get recorded in the Event Logs.
Example of cmdlet used:
$cred = get-credential
Connect-QADService -service server.not.trustedcontoso.com -proxy $cred
The credentials used are correct and the connection works, the failed events are still recorded.
-
Cause
This is with the underlying Microsoft APIs as it first attempts that attempts the connection with the NTLM credentials of the logged on account, before sending/reattempting the connection with the credentials that have been supplied with the ‘Get-Credential’ cmdlet.
This all happens on the network layer and is beyond Active Roles’ control.
-
Resolution
WORKAROUND
None.
SOLUTION
Ignore the generated Event ID 4625.