We have a situation in the office where a process on another PC ( we'll call it PC-1 ) is locking out another users AD account ( user - 2 ). The owner of the AD account being locked out is a tech support rep that has logged into his box as an admin to work on the PC, nothing else.
We traced it back to this workstation ( PC - 1 ), and norrowed it down to this event:
Event Type: Warning
Event Source: Kerberos
Event Category: None
Event ID: 14
Date: 10/28/2009
Time: 4:50:58 PM
User: N/A
Computer: WS-
Description:
There were password errors using the Credential Manager. To remedy, launch the Stored User Names and Passwords control panel applet, and reenter the password for the credential "user-2 "
prior to discovering this, we tried syncing the AD pw for user-2, and then actually removed user-2 profile altogether from the PC.
I've run "alockout" and pulled the logs.
This is only happening when the user is actually logged intot he PC the AD accoutn is being locked out from.
Possibly the orphaned account is still inthe registry somewhere on PC-1and locking out the AD account. Has anyone run up againist this before?
