Link to home
Start Free TrialLog in
Avatar of Accountant
Accountant

asked on

LAN Credentials repeatedly lock out

LAN Credentials repeatedly lock out
ASKER CERTIFIED SOLUTION
Avatar of Yancey Landrum
Yancey Landrum
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of ncrones
ncrones
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Yancey Landrum
Yancey Landrum
Flag of United States of America image
Those would definitely be some things to check once you've identified from which machine the invalid credentials are coming. For us, it was not a service logged in with user creds, but a service that was using its own stored creds to contact its server (McAfee Framework service, to be exact).

Another culprit could be windows' saved passwords. In XP, Control Panel / User Accounts / Advanced / Manage Passwords.

But first you gotta figure out which machine. Using EventCombMT, search all your DCs' security logs for failure audits containing event 680. Put the user name that keeps getting locked out in the "Text:" field. After the search, look in the resulting txt files (start with the largest one) for error 0xC000006A; there should be a number of them corresponding to your domain's lockout policy. Each one of those lines will list a workstation; that will be the one that is sending the wrong password and locking out the account. The other lines listing error code 0xC0000234 are where machines/users tried to access the account after it was locked out.


SOLUTION
Avatar of rjmedina
rjmedina
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial