Malli Boppe
asked on
windows 2003 active directory account lock out
I have an account which gets locked out every 2 minutes. I don't understand why it's getting locked out. I have downloaded altools but I can find it really helpful. Any suggestions or any other tools which would tell me why this account's getting locked out?
Do you have Logon/logoff and Account logon auditing enabled in the Default Domain Controllers policy?
This article might be of interest.
http://support.gfi.com/manuals/en/lanselm5/lanselm5manual-1-33.html
Make sure that you have enabled account logon events for failure.
ASKER
Where can I enable that?
Domain Controller Security Policy.
http://technet2.microsoft.com/windowsserver/en/library/5658fae8-985f-48cc-b1bf-bd47dc2109161033.mspx?mfr=true
Go to Group Policy Management Console, right click Default Domain Controller Policy under Group Policy Objects, and then click Edit. Expand the following nodes in the following order: Computer Configuration, Windows Settings, Security Settings, Local Policies and then Audit Policy. Double click Account Logon, click the Audit Successful Attempts and/or the Audit Failed Attempts. Repeat the same procedure for Logon/logoff events.
ASKER
I enabled the logging but still can't see any event ID 529. Instead I see the following error in the System event log of the DC. The server on which this account was used by an application has had 0 MB free space for a while; I just cleared up the space today. Any suggestions on how I can fix that? I don't want to reset the password as it might break the application that we are running.
The SAM database was unable to lockout the account of ? due to a resource
error, such as a hard disk write failure (the specific error code is in the
error data) . Accounts are locked after a certain number of bad passwords
are provided so please consider resetting the password of the account
mentioned above.
ASKER
I have already cleared the space.
The password was never changed and account was created to never expire the password.
I don't want to reset the password.
ASKER
I have reset the password. But it still keeps locking out.
I have a similar problem. In my case I can locate event ID 529, but it only suggests the name of my domain controller. I can't trace the machine that is actually causing it.
Here is Event 529
Logon Failure:
Reason: Unknown user name or bad password
User Name: userfirstname.lastname
Domain:
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: mydomaincontroller
Caller User Name: mydomaincontroller$
Caller Domain: mydomain
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5772
Transited Services: -
Source Network Address: -
Source Port: -
here is Event 644
User Account Locked Out:
Target Account Name: userfirstname.lastname
Target Account ID: mydomain\userfirstname.lastname
Caller Machine Name: mydomaincontroller
Caller User Name: mydomaincontroller$
Caller Domain: mydomain
Caller Logon ID: (0x0,0x3E7)
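In the Event 529 quoted above, the caller fields (machine account, logon ID 0x3E7, which is the Local System session) show that the logon was requested by a process on the domain controller itself, which is why only the DC's name appears; the Caller Process ID is the lead to follow on that host. The following is an added example, not code from any poster in this thread: the function names and result keys are assumptions for illustration, and the sample text is constructed from the event quoted above.

```python
import re

# Constructed sample: the Event 529 description quoted in the post above,
# as copied out of Event Viewer (placeholder names kept as posted).
SAMPLE_529 = """\
Logon Failure:
Reason: Unknown user name or bad password
User Name: userfirstname.lastname
Logon Type: 3
Logon Process: Advapi
Workstation Name: mydomaincontroller
Caller User Name: mydomaincontroller$
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5772
Source Network Address: -
"""

LOGON_TYPES = {"2": "interactive", "3": "network", "4": "batch",
               "5": "service", "7": "unlock", "10": "remote-interactive"}
SYSTEM_LUID = "(0x0,0x3E7)"  # well-known logon session of LocalSystem

def parse_event(text):
    """Split the 'Name: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.*?)\s*$", line)
        if m:
            fields[m.group(1).strip()] = m.group(2)
    return fields

def triage_529(text):
    """Say where to look next for the source of a failed logon."""
    f = parse_event(text)
    out = {"account": f.get("User Name"),
           "logon_type": LOGON_TYPES.get(f.get("Logon Type"), "other"),
           "host": f.get("Workstation Name"), "pid": None}
    src = f.get("Source Network Address", "-")
    caller = f.get("Caller User Name", "")
    if src not in ("", "-"):
        out["origin"], out["host"] = "remote-address", src
    elif f.get("Caller Logon ID") == SYSTEM_LUID and caller.endswith("$"):
        # Logon was requested by a process running as LocalSystem on the
        # machine named in the caller fields; its PID is the lead to follow.
        out["origin"], out["host"] = "local-system-process", caller[:-1]
        out["pid"] = f.get("Caller Process ID")
    else:
        out["origin"] = "workstation-name-only"
    return out
```

A result of `local-system-process` means the next step is to map the returned PID to a service on that host while the failures are still occurring; that service's own logs are where any remote client would be recorded.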
ASKER