Event ID: 529
Reason: Unknown user name or bad password.
User Name: 1A
Logon Type: 2
Authentication Package: Negotiate
Workstation Name: XPSystem
It appears to me that the domain user is logging on to this system and typing the password together with the username.
I am puzzled as to why I would see "Joejj21~Bcd" in the Domain field instead of our domain name. Is someone trying to access another domain or is this a bug in Microsoft?
I also see Event ID 537 with the same User Name: 1A and Domain: Joejj21~Bcd when Event ID 529 occurred in the security log.