Failed logon event generated even when OpManager monitors the device using correct credential
Consider the following scenario:
You have two or more computers running Windows.
The computers are setup in a workgroup or domain environment.
You run a remote WMI query using an application that makes WMI calls from one computer to another computer.
In this scenario, if you review the Security log on the remote computer you will notice an Event ID 4625 with regards to failure audit events for failed logon with bad username or password. You will also note that subsequently there is a successful logon with the credentials specified on the remote WMI query.
This is due to the fact that pass-through authentication is always attempted first even if specific credentials are specified in the tool being used.