I have a Windows Server 2003 SP1 Domain Controller. We have one legacy NT4 BDC, no other Domain Controllers.
Whenever an account is locked, for instance by the user trying more than 5 passwords, the account lockout does not show up in the event Security Log.
To test this I tried it in my test environment, with just one 2003 DC and one XP SP2 client and the same thing happens I get no 644s. I do get 539s when I attempt to logon the client after the account is locked.
In the Default Domain Security setting Audit Policy I have everything set to audit, success and failure.
I don’t wish to make any changes to production until I can get this working in Test.
Does anybody have any suggestions or solutions?