Event logging and reporting
The password filter logs events to the Application log on the domain controllers using the event source LithnetPasswordProtection. Reporting is easily performed using a logging and analytics service such as Microsoft OMS or Splunk. The following table lists the event log messages that are logged by the module, and their descriptions.
| Code | Severity | Message | Notes |
|---|---|---|---|
1 | Error | An unexpected error occurred | The filter encountered an unexpected error and could not process the request |
2 | Warning | The Lithnet AD Password Filter is currently disabled and has not evaluated the password change request | This message appears when the filter is installed and registered with LSASS, but has been disabled and is not evaluating password changes |
3 | Info | The password filter has been successfully loaded | Appears in the event log at startup when the password filter has been successfully loaded by windows (v1.0.7234 and later) |
4 | Success | Processing a password %1 request for %2 (%3). | Each password set/change attempt will cause this event to be logged |
5 | Success | The password %1 request for %2 (%3) was approved. | This event is logged when a password is approved by the filter |
8 | Error | An unexpected error occurred | The filter encountered an unexpected win32 error and could not process the request |
9 | Error | There was a problem opening the store file. Check that the store folder exists and is accessible | The store could not be accessed by the filter. Make sure that |
8193 | Warning | The password %1 request was rejected. The module is configured to deny password requests when an error occurs. | |
8194 | Warning | The password %1 request for %2 (%3) was rejected because its length (%4) did not meet the minimum configured length (%5). | |
8195 | Warning | The password %1 request for %2 (%3) was rejected because it matched a password in the compromised password store. | |
8196 | Warning | The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the compromised password store. | |
8197 | Warning | The password %1 request for %2 (%3) was rejected because it did not match the approval regular expression. | |
8198 | Warning | The password %1 request for %2 (%3) was rejected because it matched the rejection regular expression. | |
8199 | Warning | The password %1 request for %2 (%3) was rejected because it achieved only %4 of the required %5 complexity points. | |
8200 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password below the specified threshold. | |
8201 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password above the specified threshold. | |
8202 | Warning | The password %1 request for %2 (%3) was rejected because it contained the account name | |
8203 | Warning | The password %1 request for %2 (%3) was rejected because it contained at least part of the display name | |
8204 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password of %4 characters. | |
8205 | Warning | The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the banned word store. |
Last updated