Share this article
This article is translated in
Improve this guide
Event ID 4625: How to Fix the Failed Logon Error
Delete saved passwords from old cache to login again
5 min. read
Updated onOctober 4, 2023
updated onOctober 4, 2023
Share this article
This article is translated in
Improve this guide
Read our disclosure page to find out how can you help Windows Report sustain the editorial teamRead more
Key notes
Accessing the Windows Server can sometimes be a hassle, even for verified users. Sometimes, it’s theWindows Server Manager that’s not opening, while other times, you get a logon error dubbed Event ID 4625.
In such cases, it’s usually your password that is probably expired, so an update should do the trick. However, if that does not work, read on to find out how to bypass this logon failure.
What is Event ID 4625 failure reason?
The Event ID 4625 is a logon error that occurs when you try to access the Windows server. If accompanied by Event ID 4625 status 0xc00006d, you’ll know it’s a bad password.
Typically, this occurs because the system uses a cached password rather than an updated one you entered. This is because of how Windows stores password in a database.
When you log into a domain, it looks at this database to determine what your account’s password is. If it finds a match, then it just uses the stored version instead of prompting you for one.
Other reasons for this error include:
How can I fix Event ID 4625 logon error?
Before you attempt any of the recommended solutions below, ensure you check the following:
1. Rejoin the domain
2. Remove hidden credentials
The logon types should provide more detail to help you narrow the type of failure. If you get the Event ID 4625 logon type 3, Event ID 4625 logon type 4, or Event ID 4625 logon type 8, you should be able to get more information on where the user tried to log in from.
3. Disable NTLM logins
NTLM is an authentication protocol used by Windows systems to provide additional security when users access resources on a network. It can authenticate users against an Active Directory domain controller without supplying a password.
However, it’s also the most easily attacked authentication protocol and can be disabled for improved security.
The most common reason administrators disable NTLM authentication on their servers is that users have trouble logging into their systems when they are away from their offices or behind a proxy server.
For maximum security on your Windows Server, we recommend that youenable the TLS protocoland avoid outdated versions with known vulnerabilities.
Elsewhere, you may also encounter theEvent ID 4768 error, so be sure to check out our detailed guide for various fixes.
Please let us know if you have any additional solutions in the comment section below.
More about the topics:event log viewers,windows server
Claire Moraa
Windows Software Expert
Claire has a knack for solving problems and improving the quality of life for those around her. She’s driven by rationality, curiosity, and simplicity, and always eager to learn more about Microsoft’s products. With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11, errors, and software.
User forum
0 messages
Sort by:LatestOldestMost Votes
Comment*
Name*
Email*
Commenting as.Not you?
Save information for future comments
Comment
Δ
Claire Moraa
Windows Software Expert
With a background in teaching and reviewing, she breaks down complex topics into easily understandable articles, focusing mostly on Windows 11 errors.
