# Solved: Help with Event ID 4625



## bradly

Hi Network Pros!

I am having a problem finding out why I keep getting this error from a user/laptop logging in to Terminal Services:

__________
Network Information:
Workstation Name:	HPDV6575-01
Source Network Address:	fe80::1fb:87af:4864:d6a8
Source Port: 49182
Detailed Authentication Information:
Logon Process: NtLmSsp 
Authentication Package:	NTLM
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0
_____________

Usually I get these errors and the Source Network Address is an IP address. When I follow up with it, the user put in the wrong password. However, this Source Network Address is confusing me, and the user is not even logged in, or trying to log in.

Can anyone help? Any ideas?

Thanks in advance!
Brad


----------



## Elvandil

Do you know which machine that the IP fe80::1fb:87af:4864:d6a8 is assigned to?

If you do, check to see what is accessing port 49182. Or simply disable IPv6 if you never use it.


----------



## bradly

Ahhh, thanks Elvandil! I didn't even think of IPv6, and the fact that it's IP addresses are way different. I will just disable IPv6 on that machine (it's one of very few machines that have Vista).

Cheers!


----------



## Elvandil

bradly said:


> Ahhh, thanks Elvandil! I didn't even think of IPv6, and the fact that it's IP addresses are way different. I will just disable IPv6 on that machine (it's one of very few machines that have Vista).
> 
> Cheers!


It will certainly be a while before we can read those things with any facility. But we'll get used to them sooner or later.


----------

