We have recently "cloned" our production web servers for use in our development environment. When we bring up the clones in a different VLAN, isolated from the production environement, it locks out the user ID that is used for the services. I used ALTTOLS eventcomMT to identify the lockouts for this user on the domain controllers, but can't make sense of what is happening.
The passwords are correct in webconfig (its a clone and nothing was changed)
There are no time restrictions on the workstations.
I have logged into the server as this particular user and it seems to authenticate as a cached user (I have taken it off of the network because it is locking out the production user) and it authenticates fine.
I do see Failure Code of 0x12 that indicates it could be worstation restriction, but how do I authroize the workstation? why would it be authorized in the first place?
Here is an example of the alttolls log scraping results:
675,AUDIT FAILURE,Security,Fri Sep 04 09:42:34 2009,NT AUTHORITY\SYSTEM,Pre-authe
ntication failed: User Name: user_prod User ID: %{S-1-5-21-3253273498-1357
294314-798
499646-320
9} Service Name: krbtgt/invoiceinsight Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.168.dev.net
