Event logging and reporting
The password filter logs events to the Application log on the domain controllers using the event source LithnetPasswordProtection. Reporting is easily performed using a logging and analytics service such as Microsoft OMS or Splunk. The following table lists the event log messages that are logged by the module, and their descriptions.
1
Error
An unexpected error occurred
The filter encountered an unexpected error and could not process the request
2
Warning
The Lithnet AD Password Filter is currently disabled and has not evaluated the password change request
This message appears when the filter is installed and registered with LSASS, but has been disabled and is not evaluating password changes
3
Info
The password filter has been successfully loaded
Appears in the event log at startup when the password filter has been successfully loaded by windows (v1.0.7234 and later)
4
Success
Processing a password %1 request for %2 (%3).
Each password set/change attempt will cause this event to be logged
5
Success
The password %1 request for %2 (%3) was approved.
This event is logged when a password is approved by the filter
8
Error
An unexpected error occurred
The filter encountered an unexpected win32 error and could not process the request
9
Error
There was a problem opening the store file. Check that the store folder exists and is accessible
The store could not be accessed by the filter. Make sure that SYSTEM has permission to read the folder and files if the store is local, if its on a remote share, ensure that the machines computer account has read access to the share
8193
Warning
The password %1 request was rejected. The module is configured to deny password requests when an error occurs.
8194
Warning
The password %1 request for %2 (%3) was rejected because its length (%4) did not meet the minimum configured length (%5).
8195
Warning
The password %1 request for %2 (%3) was rejected because it matched a password in the compromised password store.
8196
Warning
The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the compromised password store.
8197
Warning
The password %1 request for %2 (%3) was rejected because it did not match the approval regular expression.
8198
Warning
The password %1 request for %2 (%3) was rejected because it matched the rejection regular expression.
8199
Warning
The password %1 request for %2 (%3) was rejected because it achieved only %4 of the required %5 complexity points.
8200
Warning
The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password below the specified threshold.
8201
Warning
The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password above the specified threshold.
8202
Warning
The password %1 request for %2 (%3) was rejected because it contained the account name
8203
Warning
The password %1 request for %2 (%3) was rejected because it contained at least part of the display name
8204
Warning
The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password of %4 characters.
8205
Warning
The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the banned word store.
Last updated