Allowed Attempts for Multi-Factor Authentication Exceeded
Sent when a user exceeds the allowed number of attempts for multi-factor authentication. For more information, see Multi-Factor Authentication.
General Information
Event ID: 40206
Event message details: User <UserName> has been locked out by entering too many invalid MFA codes
Severity: Info
Parameters
Parameter Name | Description | Example |
|---|---|---|
UserName | Name of the user who performed an operation. | UserName="TECH\user1" |
Endpoint | Mobile device where the attempt was detected. | Endpoint="[::1]:52182" |
SID | User security identifier. | SID="S-1-5-21-670747961-1840839389-3357612639-1134" |
VbrHostName | Backup server name. Can be a DNS name, an FQDN or an IP address. | VbrHostName="vbrsrv01.tech.local" |
VbrVersion | Veeam Backup & Replication version. | VbrVersion="12.3.1.1139" |
Version | Event version (service parameter). | Version="1" |
Description | Event message details. | Description="User TECH\user1 has been locked out by entering too many invalid MFA codes." |
Syslog Message Example
1 2025-03-23T20:50:33.367146+02:00 VBRSRV01 Veeam_MP - - [origin enterpriseId="31023"] [categoryId=0 instanceId=40206 UserName="TECH\user1" Endpoint="[::1]:52785" SID="S-1-5-21-670747961-1840839389-3357612639-1134" VbrHostName="vbrsrv01.tech.local" VbrVersion="12.3.1.1139" Version="1" Description="User TECH\user1 has been locked out by entering too many invalid MFA codes."] |