Event ID 644 not showing up on event Security Log.

I have a Windows Server 2003 SP1 Domain Controller. We have one legacy NT4 BDC, no other Domain Controllers.

Whenever an account is locked, for instance by the user trying more than 5 passwords, the account lockout does not show up in the event Security Log.

To test this I tried it in my test environment, with just one 2003 DC and one XP SP2 client and the same thing happens I get no 644s. I do get 539s when I attempt to logon the client after the account is locked.

In the Default Domain Security setting Audit Policy I have everything set to audit, success and failure.

I don’t wish to make any changes to production until I can get this working in Test.

Does anybody have any suggestions or solutions?
BMCKRobAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Toni UranjekConsultant/TrainerCommented:
Do you get any 642s instead of 644?

Event ID:642
Description:
User Account Changed:
Account Locked.

0
BMCKRobAuthor Commented:
No, we are not getting any 642's either.
0
Toni UranjekConsultant/TrainerCommented:
How is your Audit policy set? Default Domain Controller Security Settings should have the following Audit policy set "Audit account managment" to Success, for event ID 644 to appear.
Did you check BDC logs also?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BMCKRobAuthor Commented:
That is IT!!!!  We have been working on this for weeks, none of the documentation I have read says that needs to be set. Thanks you have earned the points.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.