SBS Domain user logon failing repeatedly causing account lockout
Posted on 2007-04-10
Our primary domain controller is Windows Small Business Server 2003. We have a user whose account is frequently getting locked out. When I look in our Domain Controller's event log I see the following two security events occuring every 10 seconds like clockwork:
Event 680, Account Logon.
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: USERNAME (of the user that keeps getting locked out)
Source Workstation: OURDOMAINCONTROLLER (The name of this machine, our primary DC)
Error Code: 0xC000006A
Event 529, Logon/Logoff
Reason: Unknown user name or bad password
User Name: USERNAME (same username, the one getting locked out.)
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: OURDOMAINCONTROLLER
Caller User Name: OURDOMAINCONTROLLER$
Caller Domain: OURDOMAIN
Caller Logon ID: (0x0,0x3E7)
Caller Process ID: 5268 (note: this is the process ID for store.exe)
Transited Services: -
Source Network Address: -
Source Port: -
After enough of these failed logins, apparently the account gets locked out. The process ID above leads me to believe this is somehow related to Exchange (store.exe). Here is what we have tried so far:
-We have completely turned off the user's machine and disconnected it from the network.
-We have had the user sit at the DC console and explicity set their password in active directory.
-The user does not work remotely or use any mobile devices to authenticate to our domain.
-We have restarted the Exchange services on our Domain Controller / Exchange Server
-We have completely rebooted the Domain Controller / Exchange Server.
Any further ideas what could be causing this?