Solved

Event ID 644 not showing up on event Security Log.

Posted on 2007-03-26
4
1,001 Views
Last Modified: 2013-12-04
I have a Windows Server 2003 SP1 Domain Controller. We have one legacy NT4 BDC, no other Domain Controllers.

Whenever an account is locked, for instance by the user trying more than 5 passwords, the account lockout does not show up in the event Security Log.

To test this I tried it in my test environment, with just one 2003 DC and one XP SP2 client and the same thing happens I get no 644s. I do get 539s when I attempt to logon the client after the account is locked.

In the Default Domain Security setting Audit Policy I have everything set to audit, success and failure.

I don’t wish to make any changes to production until I can get this working in Test.

Does anybody have any suggestions or solutions?
0
Comment
Question by:BMCKRob
  • 2
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Toni Uranjek
ID: 18798831
Do you get any 642s instead of 644?

Event ID:642
Description:
User Account Changed:
Account Locked.

0
 

Author Comment

by:BMCKRob
ID: 18802057
No, we are not getting any 642's either.
0
 
LVL 31

Accepted Solution

by:
Toni Uranjek earned 500 total points
ID: 18806200
How is your Audit policy set? Default Domain Controller Security Settings should have the following Audit policy set "Audit account managment" to Success, for event ID 644 to appear.
Did you check BDC logs also?
0
 

Author Comment

by:BMCKRob
ID: 18816132
That is IT!!!!  We have been working on this for weeks, none of the documentation I have read says that needs to be set. Thanks you have earned the points.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Moving RDP Server to New Server. 3 65
how can I practice with windows server os 2 72
Trasfering FSMO roles 8 105
How to install a font on WIN2003SBS/IIS 6 & test 17 30
Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
OfficeMate Freezes on login or does not load after login credentials are input.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

789 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question