Code for Multi-Factor Authentication Already Used
Sent when a user enters a multi-factor authentication confirmation code that has already been validated. For more information, see Multi-Factor Authentication.
General Information
Event ID: 40207
Event message details: An attempt to use already validated MFA code has been performed for <UserName>
Severity: Info
Parameters
|
Parameter Name |
Description |
Example |
|---|---|---|
|
UserName |
Name of the user who performed an operation. |
UserName="TECH\user1" |
|
Endpoint |
Mobile device where the attempt was detected. |
Endpoint="[::1]:52182" |
|
SID |
User security identifier. |
SID="S-1-5-21-670747961-1840839389-3357612639-1134" |
|
VbrHostName |
Backup server name. Can be a DNS name, an FQDN or an IP address. |
VbrHostName="vbrsrv01.tech.local" |
|
VbrVersion |
Veeam Backup & Replication version. |
VbrVersion="13.0.1.180" |
|
Version |
Event version (service parameter). |
Version="1" |
|
Description |
Event message details. |
Description="An attempt to use already validated MFA code has been performed for TECH\user1." |
Syslog Message Example
|
1 2025-11-29T16:32:04.193345+02:00 VBRSRV01 Veeam_MP - - [origin enterpriseId="31023"] [categoryId=0 instanceId=40207 UserName="TECH\user1" Endpoint="[::1]:52785" SID="S-1-5-21-670747961-1840839389-3357612639-1134" VbrHostName="vbrsrv01.tech.local" VbrVersion="13.0.1.180" Version="1" Description="An attempt to use already validated MFA code has been performed for TECH\user1."] |