顯示具有 Microsoft 標籤的文章。 顯示所有文章
顯示具有 Microsoft 標籤的文章。 顯示所有文章

2024/06/18

win10安裝framework3.5

最近win10下載framework3.5安裝時,一直失敗,都是在下載必要原件的地方失敗,改機碼也沒用。

後來看到一招,就是找一個win server2012以上的安裝iso,把裡面的sxs資料夾複製到win10的c槽,然後用powershell執行下列指令,就成功了。

dism.exe /online /enable-feature /featurename:netfx3 /Source:c:\sxs



Recently, I kept failing to install Framework 3.5 on Windows 10. The failure always occurred at the stage of downloading the necessary components, and modifying the registry didn't help.

Later, I found a method that worked. You need to find an installation ISO for Windows Server 2012 or later, copy the "sxs" folder from the ISO to the C drive of your Windows 10 machine, and then execute the following powershell command. This solved the problem:

dism.exe /online /enable-feature /featurename:netfx3 /Source:c:\sxs

2024/05/09

EPSON無線投影

 EPSON買一些投影機有內建無線投影功能,有分成兩種投影模式。

1- screen mirroring

這種方式投影很簡單,投影機本身不需做任何設定,client電腦,win10以上,按下win + p鍵,就可以找到"連接到無線顯示器"的選項,選下去後,就會搜尋到投影機,直接進行連接投影,非常方便。



2- iProjection

這個就要先在投影機上,設定連上內部的無線網路。

然後client電腦要裝Epson 的iProjection 無線投影軟體。

client電腦跟投影機都在同一個區網內,iProjection程式執行後,就會自動搜尋到投影機讓你連線投影。


2024/04/30

win10電腦麥克風沒反應 收不到音

某台asus win10的筆電內建麥克風跟外接耳麥,都收不到音。

但在裝置管理員裡都有找到設備,所以就更新驅動,結果還是沒用。

後來拿閒置硬碟換上去裝了win11後,居然都沒問題,那表示硬體沒故障。

在換回win10 後,突然想到,去設定裡面看看,結果發現在"隱私權"裡面有一個"麥克風"的設定,有一個"存取此裝置的麥克風"居然是關閉的,改成開啟後,麥克風就正常了。



An ASUS laptop running Windows 10 had issues with both the built-in microphone and external headset not picking up any sound. Even though the devices were detected in the Device Manager, updating the drivers didn't solve the problem.

Later, when a spare hard drive was installed and Windows 11 was installed on it, surprisingly, there were no issues with the microphone. This suggested that there was no hardware fault.

Upon reverting back to Windows 10, checked the settings. It was discovered that under "Privacy," there was a setting for "Microphone," and the option to "Allow apps to access your microphone" was inexplicably turned off. After toggling it on, the microphone started working properly again.


2024/04/29

所有網路共用資料夾都連不上 錯誤代碼:0x80004005

 有台win7電腦有時後會突然連不到所有的共用資料夾都連不上 ,錯誤代碼都是0x80004005。

但上網都正常,去ping那些共用資料夾的主機也正常。

經查才發現,那個win7電腦的網卡內容裡,少了很多項目,正常的應該要像下圖一樣,但那台電腦裡的網卡內容只剩ipv4的設定。

要把其他功能找回來,就只要按下左下方的"安裝",裡面就有其他項目可以選,選好後馬上就會裝回來了,但是要重開機後,會生效。




Sometimes a Windows 7 computer suddenly cannot connect to any shared folders, and the error code is always 0x80004005.

However, internet browsing works fine, and pinging the hosts of those shared folders also works.

Upon investigation, it was found that many items were missing from the network card settings of that Windows 7 computer. Normally, it should look like the image below, but the network card settings on that computer only have IPv4 configuration.

To restore the missing functionality, simply click on "Install" at the bottom left, where there are other items to select. After selecting the desired items, they will be installed immediately, but a reboot is required for the changes to take effect.



2024/01/23

EDGE開啟pdf檔直接另存

 有時後用EDGE在瀏覽網頁時,看到一些PDF檔,EDGE可以直接顯示,不用另存成PDF檔,再用 PDF reader開啟。

如果希望直接存在PDF檔,不要在EDGE中直接開啟,可以調整機碼來達行。

機碼位置如下,如果沒有的話,可以自行手動新增,設定好要重開機才會生效。



Sometimes, when browsing web pages using EDGE, you may come across PDF files that EDGE can display directly without the need to save them as PDF files and then open them with a PDF reader.

If you prefer to save the PDF file directly instead of opening it in EDGE, you can adjust the registry to achieve this.

If you cannot find this registry entry, you can manually add it yourself and ensure that the changes take effect after restarting your computer.



2024/01/19

WIN10 安裝framework 3.5失敗 0X800F0954

 win10在裝framework 3.5一直失敗,錯誤代碼是 0X800F0954 。

有人說要去HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ 裡面調機碼,把UseWUServer的值改成0。

但發現自己的電腦裡並沒有這個機碼,所以就手動新增,設定好重開機,就可以成功安裝。



Windows 10 fails to install Framework 3.5, and the error code is 0X800F0954.

Some suggest modifying the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\ by changing the value of UseWUServer to 0.

However, it was found that the registry key was not present on the computer, so it was manually added. After configuring and restarting, the installation was successful.



2024/01/05

WINDOWS複製資料夾 包含權限

 如果要把A資料夾整個完整複製,包含裡面的權限跟所有資料,然後名稱變成B資料夾。

而且B資料夾本身的權限必須跟A資料夾相同,可以使用robocopy這個內建指令。

執行指令前要確認B資料夾不存在,再執行指令。

指令: robocopy D:\A D:\B /E /COPYALL



If you want to completely copy the entire A folder, including its permissions and all data inside, and rename it to B folder, you can use the built-in command robocopy.

Ensure that the B folder does not exist before executing the command.

Command: robocopy D:\A D:\B /E /COPYALL

2024/01/03

WINDOWS 檔案總管內點選檔案時速度很慢

使用者反應,他在檔案總管裡,開啟一個pdf檔案時很正常,然後再點其他pdf檔案後,檔案不會馬上開啟,要等個幾十秒,他認為是程式有問題。

把程式重新安裝後,還是一樣,後來發現在檔案總管內,是有開啟預覽窗格的功能,如果這個功能關閉,連續開啟不同檔案時,就不會有緩慢的問題了。




User feedback indicates that when he opens a PDF file in File Explorer, it works fine. However, when he tries to open another PDF file after that, the file doesn't open immediately; instead, it takes several seconds. He believes there is an issue with the program.

Even after reinstalling the program, the problem persists. Later, it was discovered that within File Explorer, there is a feature to open a preview pane. When this feature is disabled, there is no longer a delay issue when opening different files consecutively.

2023/11/28

無法使用IP連線共用資料夾 錯誤訊息 0x80004005

 某台win2012的電腦使用本機登入,要連到一個共用資料夾。

使用 \\電腦名稱\ 連線,會跳出帳號密碼驗證,接著輸入 網域\使用者帳號 做登入,沒問題。

但使用 \\IP\ 連線,會跳出帳號密碼驗證,接著輸入 網域\使用者帳號 做登入,會跳錯誤,代碼是 0x80004005。

查了網路上一些方法,改機碼,改gpedit安全性都沒用。

後來是會跳出帳號密碼驗證時,輸入 使用者帳號@網域,就成功了,很特別的狀況。


A Windows 2012 computer logged in locally attempts to connect to a shared folder.

When connecting to \\HostName\, a username and password prompt appears. Entering Domain\Username works without issue.

However, when connecting to \\IP\, a username and password prompt appears. Entering Domain\Username results in an error code of 0x80004005.

After trying some methods found online, such as changing registry keys and Group Policy security, the issue was not resolved.

Finally, entering Username@Domain at the username and password prompt resolved the issue.


2023/11/21

Edge用IE模式開網頁出現錯誤訊息 "Internet Explorer 已修改這網頁以協助防止跨網站指令碼攻擊"

 



在透過Edge的IE模式開啟某個內部網頁時,無法正常顯示內容,下方出現"Internet Explorer 已修改這網頁以協助防止跨網站指令碼攻擊"的錯誤訊息。
這時就到控制台裡的網際網路選項,在安全性裡面,找到這個網頁所屬的區域,開啟自訂層級,在裡面找到啟用xss篩選器,把它停用就行了。



When opening an internal web page in IE mode of Edge, the content cannot be displayed normally. The error message "Internet Explorer has modified this page to help prevent cross-site scripting attacks" appears below.

At this time, go to the Internet Options in Control Panel, find the area to which this page belongs in Security, open the Custom Level, find Enable XSS Filter, and disable it.



2023/10/06

Word插入物件出現錯誤-此物件是使用程式Acrobat建立。您的電腦並未安裝此程式

 在WORD程式內,透過插入物件的功能,要插入一個PDF檔,卻跳出"此物件是使用程式Acrobat建立。您的電腦並未安裝此程式......請安裝Acrobat或確定已關閉Acrobat中任何的對話"



先確認PDF檔都是可直接用Acrobat PDF Reader開啟,WORD試著插入EXCEL物件也正常。

所以就決定先重裝Acrobat PDF Reader,結果就解決問題了。


When trying to insert a PDF file into a Word document using the "Insert Object" function, the following error message appears: "This object was created using the Acrobat program. This program is not installed on your computer. Please install Acrobat or make sure that all Acrobat dialog boxes are closed."

I confirmed that the PDF files could be opened directly using Acrobat Reader. I also tried inserting an Excel object into a Word document, and that worked fine.

Based on these findings, I decided to reinstall Acrobat Reader. After doing so, the problem was resolved.

2023/08/24

GPO佈署EDGE IE瀏覽模式突然失效 被略過

原本有透過GPO在使用者的電腦,佈署EDGE政策,讓EDGE在開啟一些特定網頁時,會啟用IE瀏覽模式。

但這兩天開始有電腦的IE瀏覽模式沒被啟用,查看GPO確定是有套用沒錯,所以不是GPO的問題。

開啟EDGE查看設定,發現套用的政策被略過了,但只有少數人有這個狀況。


查了一下才知道是因為EDGE最近升級後,有一些改變。
如果使用者在EDGE裡登入了私人帳號,GPO佈署的政策就會被略過,只要登出帳號,就會恢愎正常了。



Originally, we deployed EDGE policies via GPO on users' computers to enable IE browsing mode when opening certain websites.


However, in the past two days, some computers have failed to enable IE browsing mode. After checking the GPO, we confirmed that it is being applied correctly. Therefore, the issue is not with the GPO.


When we opened EDGE and checked the settings, we found that the applied policies were being ignored. However, this was only happening for a small number of users.


After some investigation, we learned that this is because EDGE was recently updated. If a user is logged in to a personal account in EDGE, the policies deployed via GPO will be ignored. Simply logging out of the account will restore normal behavior.


2023/08/07

windows 使用batch 指令匯出dhcp lease位址租用紀錄

 如果是windows2012,powershell 4.0裡面有get-dhcp的指令把DHCP目前租用IP的清單做匯出。

但在windows2008,powershell 1.0沒這個指令,不想升級powershell,可以用netsh來完成,指令如下:


@echo off

netsh dhcp server scope 172.16.11.0 show clients > "%DATE:~0,4%%DATE:~5,2%%DATE:~8,2%_dhcp_clients.txt"

exit

指令會把172.16.11.0這個領域的IP租用匯出到txt中,檔名是會以當天的日期呈現。

如果要把每個領域都匯出,就把指令重覆貼上,改掉scope後面的領域IP就行了。



If you are using Windows 2012, PowerShell 4.0 includes the get-dhcp command to export a list of currently leased IP addresses from DHCP.

However, in Windows 2008, PowerShell 1.0 does not have this command. If you do not want to upgrade PowerShell, you can use netsh to complete the task. The command is as follows:

@echo off

netsh dhcp server scope 172.16.11.0 show clients > "%DATE:~0,4%%DATE:~5,2%%DATE:~8,2%_dhcp_clients.txt"

exit

This command will export the IP leases for the 172.16.11.0 scope to a text file. The file name will be in the format of YYYYMMDD_dhcp_clients.txt.

To export leases for all scopes, simply copy and paste the command, and change the scope IP address after scope.

2023/06/04

FreeFileSync 同步檔案時出現 sync.ffs_lock的相關錯誤 code error 5: Access refuse [create file]

 在win2019透過freefilesync要把遠端win2003的檔案同步過來本機的時後,有些資料夾都會出現錯誤,內容都是在本機端的資料夾中 sync.ffs_lock有錯誤, code error 5: Access refuse [create file]。

照字面上的意思應該就是同步的過程程式要產生一個sync檔,但無法建立。

可是我在本機端自己建立檔案時,都沒什麼異狀,就覺得很怪。

後來就手動用複製貼上檔案的方式,發現有時後會跳出錯誤訊息,大概就是說沒有權限,要用系統管理者執行之類的,可是我就是用本機管理者帳號在執行啊。

這時突然想到,那執行freefilesync時,要用系統管理者身份去執行,有三四個在同步會跳錯誤的資料夾,就通通都沒問題了。


When using FreeFileSync on Windows Server 2019 to sync files from a remote Windows Server 2003 to the local machine, some folders encounter errors. The error message states that there is an issue with the "sync.ffs_lock" file in the local folder, with error code 5: Access refused [create file].

According to the literal meaning of the error, it seems that the sync process is unable to create the "sync" file.

However, I noticed that there were no issues when manually creating files on the local machine, which struck me as odd.

Later, while manually copying and pasting files, I encountered occasional error messages indicating a lack of permission and suggesting the need for administrator privileges. However, I was already using the local administrator account to perform the operation.

At this point, it occurred to me that when running FreeFileSync, it should be executed with administrator privileges. When I ran the program as an administrator, the folders that were previously causing errors during synchronization, about three or four of them, synced without any problems.

2023/05/25

查詢DHCP IP的發送記錄

 如果想查詢近期DHCP server 的IP發送給哪一台主機,可以用下列方式查詢。

先開啟DHCP的管理工具,在server名稱按下滑鼠右鍵,選擇內容。 


接著就可以看到資料庫的路徑,進到該路徑後,就可以看到近期每天DHCP的發送記錄。



To determine which host was assigned a specific IP address by the DHCP server, you can follow these steps:

  1. Open the DHCP management tool.
  2. Right-click on the server name and select "Properties."
  3. In the properties window, you will find the database path.
  4. Navigate to the specified path, and you will be able to view the DHCP lease history for each day.
Note: Please note that the exact steps may vary depending on the DHCP management tool you are using and the version of Windows Server.

2023/05/24

chrome 部署自動清除cookie 設定

透過chrome登入某些網站後,都會產生cookie,下次在登入時,就可以不用輸入帳密就登入了,像是spotify,teams等等的網站。

但有時後卻希望網頁關閉,這些cookie就清除掉,避免下一次登入又自動使用上一次的帳密登入。

chrome的設定裡有一個清除cookie的功能,但這會清除所有的cookie,沒辦法只清除特定網站的cookie,也不太方便。






如果希望某網站的cookie在網頁關閉後清除,其實有另一個地方可以設定。
一律在視窗關閉時清除 Cookie這邊就可以把要自動清除cookie的網站加入就行了。





如果公司裡電腦很多台,要一台一台設定太麻煩了。
可以去下載chrome的adm檔(https://enterprise.google.com/chrome/chrome-browser/#download)
然後在群組原則管理工具中,新建一個gpo,先把chrome的adm新增到系統管理範本中,就可以看到裡面有google chrome的設定可以做部署。
在"將來自相符網址的cookie限制在目前的工作階段中",把網址加入,之後使用者開啟這些網站,只要關掉chrome,cookie就會刪除,不保留。


To enhance and translate the content provided:

When logging into certain websites using Chrome, cookies are generated. These cookies allow subsequent logins without the need to enter the username and password again. Websites like Spotify, Teams, and others utilize this feature.

However, there are times when you may prefer to clear these cookies upon closing the webpages to avoid automatically using the previous login credentials during the next login.

Chrome's settings include a cookie-clearing function, but it clears all cookies and lacks the ability to selectively remove cookies from specific websites, which can be inconvenient.

If you wish to automatically clear cookies from a particular website upon closing the webpage, there is another way to configure this setting. You can choose to "Clear cookies and site data when you quit Chrome" by adding the desired websites to this option.

If there are multiple computers within your company, individually configuring the settings on each one can be tedious. You can download the Chrome ADM template from (https://enterprise.google.com/chrome/chrome-browser/#download).

Next, in the Group Policy Management tool, create a new GPO and add the Chrome ADM file to the Administrative Templates section. This will allow you to see the available Google Chrome settings for deployment.

Under the "Limit cookies from sites that match the following URL" option, add the website URLs. Once users open these websites, closing Chrome will automatically delete the cookies, ensuring they are not retained.




2023/04/24

網域DC時間錯誤造成client電腦時間也錯了

 一台虛擬機DC的時間被設定成與底層hyperv系統同步,結果與正確的時間差了一分多鐘。

PDC的時間是正確的,所以並不是所有client電腦的時間都錯了,就看是抓到哪台DC做時間同步。

時間錯誤的DC一開始就直接用NTPCLOCK這個小工具調整成對的時間,但沒多久又變回錯的時間,在該伺服器執行"w32tm /query /configuration",有看到有一區"VMICTimeProvider"的設定,enable=1,這就是設定成與底層hyperv系統同步的地方。

直接找到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider ,把enable改成0就好,不用重開機,然後在用NTPCLOCK調成正確時間就行了。

Client端如果不想等重開機做時間同步的話,可以下指令直接強制同步。

要用系統管理員執行cmd,然後輸入 w32tm /resync就可以開始同步了,時間不會馬上就變正確的,而且會慢慢的縮小與正確時間的差距,所以要等一下。

可以開啟client的時鐘,如果是client的時間是比較慢,就會發現秒數有時後會跳的比較快,然後慢慢跟上正確的時間。



Domain Controller Time Error Causing Incorrect Client Computer Time

The time of a virtual machine Domain Controller (DC) was initially set to synchronize with the underlying Hyper-V system, but it ended up being more than a minute off from the correct time.

The time displayed on PDC files was accurate, indicating that not all client computers had incorrect time settings. It depended on which DC the clients synchronized their time with.

Initially, the DC with the time error was adjusted using a small utility called NTPCLOCK to set the correct time. However, after a short while, it reverted back to the incorrect time. When running the command "w32tm /query /configuration" on the server, the configuration showed a section called "VMICTimeProvider" with enable=1, indicating synchronization with the underlying Hyper-V system.

To resolve this, the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider was located, and the "enable" value was changed to 0. There was no need to restart the server. Afterward, the correct time could be set using NTPCLOCK.

For client computers that didn't want to wait for a reboot to synchronize their time, a command could be executed to force synchronization. By running cmd as an administrator and entering "w32tm /resync," the synchronization process would begin. The time wouldn't immediately become correct but would gradually narrow the gap with the accurate time. Patience was required.

Observing the client's clock, if the client's time was slower, one would notice that the seconds occasionally jumped ahead and slowly caught up with the correct time.

2023/03/17

OPENVAS(GVM)進行弱點掃描會造成網域帳號被鎖住

在使用 OPENVAS對內部電腦進行弱點掃描,發現一個問題,就是會造成一些AD帳號因輸入太多次錯號密碼被鎖住。

個人猜測是在做掃描時,可能會隨便找一些帳號做登入測試,剛好有人的帳號就是一樣的,所以就被鎖了。

帳號被鎖,可以參考下列這個網站的教學,來查是哪一台設備在在做登入驗證的行為。

https://evotec.xyz/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out/


OPENVAS(GVM) Vulnerability Scanning Causing Domain Account Lockouts

During the use of OPENVAS for vulnerability scanning on internal computers, I encountered an issue where it resulted in some AD accounts getting locked due to multiple incorrect password attempts. My personal speculation is that during the scanning process, the tool may attempt to log in using random accounts, and if there happens to be a match with a valid account, it leads to the account being locked.

To determine the source of the account lockouts, you can refer to the tutorial provided on the following website. It explains how to track down the device responsible for the login authentication attempts:

https://evotec.xyz/active-directory-how-to-track-down-why-and-where-the-user-account-was-locked-out/

2022/12/29

WIN10 在EDGE 用IE模式開網頁

 有些網頁必須要用IE才能正常顯示,如果透過EDGE,就要啟用裡面的IE模式才行。

可以直接在EDGE設定中加入要用IE模式開起的網頁,但這有個缺點,要一台一台做,而且還有期限,預設30天,最長可以改到90天,不適合在公司裡這樣設定。



這時就可以用GPO來佈署,步驟如下:

1. 確認GPO裡有EDGE設定,因為DC都是2012版的,所以要自己下載ADMX檔來增加EDGE功能,方式可參考 https://www.anoopcnair.com/download-microsoft-edge-admx-group-policy-templates/

2. GPO裡有EDGE設定後,要啟用兩個設定

設定企業模式網站清單-這個先設定好檔案路徑跟檔名,例如

C:\ielist.xml,這個檔案在第3步會產生。

再來是要啟用設定InternetExplorer整合



3. 安裝Enterprise Mode Site List Manager,透過這個檔案把要用IE模式開啟的網站建成一個xml的清單,取名成ielist.xml,派送到使用者電腦C槽中,跟第2步GPO裡的設定配合。清單的設定方式一樣網路上很多教學,可參考https://www.anoopcnair.com/configure-enterprise-mode-site-list-using-intune/
4.上述都設定好後,GPO佈署下去就ok了。
當用EDGE開啟IE模式的網站,看一下網址例左邊有出現一樣IE的檔案,就表示現在已在IE模式下執行,設定成功。

機碼的位置可參考這篇
https://admx.help/?Category=EdgeChromium&Policy=Microsoft.Policies.Edge::InternetExplorerIntegrationLevel&Language=zh-tw


Using IE Mode to Open Websites in EDGE on Windows 10

Some websites require Internet Explorer (IE) to be displayed correctly. If you're using EDGE, you can enable the built-in IE mode to access these websites. While you can manually add websites to open in IE mode within EDGE settings, this method has its drawbacks. It requires configuring each device individually and has a time limit, typically set to 30 days (extendable up to 90 days), which is not ideal for company-wide settings.

To address this, you can deploy the settings using Group Policy Objects (GPO) with the following steps:

1.Ensure that the GPO includes the EDGE settings. Since the domain controllers are running the 2012 version, you'll need to download the ADMX files to add EDGE functionality. You can refer to the following link for the process: link to download ADMX files.

2.Once the EDGE settings are available in the GPO, enable two specific settings:

3.Configure the Enterprise Mode Site List: Set the file path and name, for example, C:\ielist.xml. This file will be generated in the next step.
Enable the Internet Explorer Integration setting.
Install the Enterprise Mode Site List Manager. Using this tool, create an XML list named ielist.xml that contains the websites to be opened in IE mode. Place the file in the C:\ directory of users' computers and align it with the settings from step 2. There are various tutorials available online on how to configure the list. You can refer to this link: link to configure Enterprise Mode Site List using Intune.

4.Once all the settings are configured, deploy the GPO to the desired devices.

To verify if a website is opened in IE mode using EDGE, check the URL. If you see the IE file icon on the left side, it indicates that the website is being accessed in IE mode, confirming the successful configuration.




2022/11/21

AD查詢4776 登入失敗的電腦 來源工作站錯誤

 在AD查看被鎖定的帳號,用id 4776去撈出登入出敗的訊息,要找出是在哪台電腦做登入行為的。

結果在來源工作站的資訊,是一台沒看到的電腦名稱,也ping不到,覺得很奇怪。

就想到之前遇到來源工作站是空白的問題,那時就繼續在事件檢視器裡去找NTLM的log,可以找到相關的訊息。

這次也想說去NTLM裡面找找,就找到了,在NTLM裡記錄的登入失敗log裡,除了來源工作站,還多了一個安全通道名稱,這邊顯示的才是正確的電腦名稱。

至於為啥來源工作站是一個奇怪的名稱,目前也不知原因。


When checking the locked accounts in Active Directory, I used ID 4776 to retrieve the information about failed logins in order to determine the workstation where the login attempts originated.

The result showed an error in the workstation information, indicating a computer name that I couldn't find or ping, which seemed unusual.

I recalled a previous encounter where the workstation information was blank, so I continued searching for NTLM logs in the Event Viewer, as they often contain relevant details.

This time, I decided to check the NTLM logs and successfully found the failed login log. In addition to the workstation information, there was also a security channel name recorded. The computer name displayed in this section was the correct one.

As for why the workstation information appeared as a strange name, I am currently unaware of the underlying reason.