We just setup a two node Windows 2012 Hyper V cluster. Everything is working correctly, but in the Security log on both nodes, we're getting Event ID's 4738 and 4724 every 3 minutes for the built in CLIUSR (Failover Cluster Local Identity) that
gets created with the cluster (there's a local CLIUSR account on each node). Because we have an application that parses the security logs and emails us about user account changes, we're getting spammed because of this. Does anyone know if
this is normal behavior for that CLIUSR account? Any way to suppress this? On the account properties, "User cannot change password" and "Password never expires" are both checked. I appreciate any insights people might
have. Thanks
↧