Hello,
I know that is a common problem for a lot of people. Let me explain:
I have a Server 2008 R2 and I am getting a lot of Audit Failures in the Event Viewer, about 5 per second. All of them are the same and all of them are coming from the server itself:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
    <EventID>4776</EventID>
    <Version>0</Version>
    <Level>0</Level>
    <Task>14336</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8010000000000000</Keywords>
    <TimeCreated SystemTime="2013-11-28T22:00:33.365035900Z" />
    <EventRecordID>18654606</EventRecordID>
    <Correlation />
    <Execution ProcessID="512" ThreadID="6800" />
    <Channel>Security</Channel>
    <Computer>"here is my own server computer name"</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="PackageName">MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>
    <Data Name="TargetUserName">user</Data>
    <Data Name="Workstation">"here is my own server name"</Data>
    <Data Name="Status">0xc0000064</Data>
  </EventData>
</Event>
You can notice that it's my own server and the target user name that is failing the login is "user".
I also have the same number of 4625 event IDs:
<Data Name="SubjectUserSid">S-1-5-18</Data>
<Data Name="SubjectUserName">"My server name"$</Data>
<Data Name="SubjectDomainName">WORKGROUP</Data>
<Data Name="SubjectLogonId">0x3e7</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">user</Data>
<Data Name="TargetDomainName">\</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="FailureReason">%%2313</Data>
<Data Name="SubStatus">0xc0000064</Data>
<Data Name="LogonType">8</Data>
<Data Name="LogonProcessName">Advapi</Data>
<Data Name="AuthenticationPackageName">Negotiate</Data>
<Data Name="WorkstationName">"My server name"</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x4ac</Data>
<Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
Can anyone help me?
How can I identify this? Is it possible to stop it?
Regards,
Rui
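
The fields that identify the source of these failures, decoded from the 4625 and 4776 data above, as an added example that is not part of the original post. The sample event is constructed from the values posted, `SERVER-PLACEHOLDER` stands in for the redacted computer name, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Common NTSTATUS values found in Status/SubStatus of failed-logon events.
NTSTATUS = {
    0xC0000064: "user name does not exist",
    0xC000006A: "wrong password",
    0xC000006D: "logon failure (bad user name or authentication data)",
    0xC0000234: "account locked out",
}
LOGON_TYPE = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
              8: "NetworkCleartext", 10: "RemoteInteractive"}

# Constructed sample: one 4625 event built from the field values in the post.
# SERVER-PLACEHOLDER is an assumption standing in for the redacted name.
SAMPLE = r"""<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>4625</EventID><Computer>SERVER-PLACEHOLDER</Computer></System>
<EventData>
<Data Name="TargetUserName">user</Data>
<Data Name="Status">0xc000006d</Data>
<Data Name="SubStatus">0xc0000064</Data>
<Data Name="LogonType">8</Data>
<Data Name="LogonProcessName">Advapi</Data>
<Data Name="ProcessId">0x4ac</Data>
<Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
<Data Name="IpAddress">-</Data>
</EventData></Event>"""

def triage(event_xml):
    """Return the fields that show who is generating a failed logon."""
    root = ET.fromstring(event_xml)
    d = {n.get("Name"): (n.text or "") for n in root.iterfind("e:EventData/e:Data", NS)}
    sub = int(d.get("SubStatus") or d["Status"], 16)  # 4776 carries only Status
    return {
        "event_id": int(root.findtext("e:System/e:EventID", namespaces=NS)),
        "user": d["TargetUserName"],
        "reason": NTSTATUS.get(sub, hex(sub)),
        "logon_type": LOGON_TYPE.get(int(d.get("LogonType", 0)), "n/a"),
        "caller_pid": int(d.get("ProcessId", "0"), 16),   # hex in the event, decimal here
        "caller_image": d.get("ProcessName", "n/a"),
        "remote": d.get("IpAddress", "-") != "-",          # "-" means no source address logged
    }

def top_sources(events):
    """Count failures per (user, caller image, caller PID, reason), most frequent first."""
    rows = (triage(x) for x in events)
    return Counter((r["user"], r["caller_image"], r["caller_pid"], r["reason"]) for r in rows).most_common()
```

The decimal `caller_pid` can be matched against the output of `tasklist /svc` on the server to see which services that `svchost.exe` instance hosts.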