Event Log Audit Failure due to Agent.Service.exe

So we are using Rapid Recovery

I'm getting a bunch of Audit Failures in the event log related to my admin account.  I can't find where my account is used.

The Quest Rapid Recovery Agent is set to LogON with Local System account.  I checked all of the settings in Rapid Recovery for the server but i can't find it.

Here is the event log entry:

An account failed to log on.

Security ID: SYSTEM
Account Name: "Server Name"
Account Domain: "domain"
Logon ID: 0x3E7

Logon Type: 4

Account For Which Logon Failed:
Security ID: NULL SID
Account Name: "my admin account"
Account Domain: "domain"

Failure Information:
Failure Reason: Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC000006A

Process Information:
Caller Process ID: 0x9c8
Caller Process Name: C:\Program Files\AppRecovery\Agent\Agent.Service.exe

Network Information:
Workstation Name: "Server Name"
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

  • You said Agent so I assume this is on a protected machine and not the core? Is it safe to also assume this is not agentless?

    A few things that pop into my mind are things that can be configured per agent from the Core like Custom Notification or Exchange/SQL since they have login setting that can be set.

    But all that is a guess, I have never seen this issue