| Event Id | 530 |
| Source | Security |
| Description | Logon Failure: Reason: Account logon time restriction violation User Name: <User Name> Domain: <Domain Name> Logon Type: <Logon Type> Logon Process: <Logon Process> Authentication Package: <Authentication Package> Workstation Name: <Workstation Name> Caller User Name: <Caller User Name> Caller Domain: <Caller Domain> Caller Logon ID: <Caller Logon ID> Caller Process ID: <Caller Process ID> Transited Services: <Transited Services> Source Network Address: <Source Network Address> Source Port: <Source Port> |
| Event Information | According to Microsoft : Cause : The user account and password are correct, but the logon attempt failed because it occurred outside the hours that the user is allowed to log on. This restriction is configured on the user's domain account. Resolution : To verify this user account is not denied access during a specific time period,Follow these steps. 1.Click Start, click Run, type Dsa.msc , and then click OK. 2.Expand the domain that you want, and then click Users. 3.In the right pane, right-click the user account that is used for user's access, and then click Properties. 4.On the Account tab, click Logon Hours. 5.Configure the logon hours that you want, and then click OK. --------------------------------------------------------------------------------------------- Cause: This event record indicates that an attempt to log on was made and rejected because the user tried to log on before or after the hours that the user is allowed to connect to the server. |
| Reference Links | Event ID 530 from Source Security Alternate Event ID in Vista and Windows Server 2008 is 4625. (Article) Differentiating Event ID 530 Logon Failures (Article) |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.