Solved

User account locks out every 1 minute and Exchange Server logs message 529 for process "advapi"

Posted on 2008-10-23
2
795 Views
Last Modified: 2016-06-12
Domain Controller is a Windows 2003 Server with SP2, Exchange Server is a Windows 2003 Server with SP2 and Exchange 2003 with SP2 (Build 7638.2: Service Pack 2)
The account "username" exists for over 6 years under password security policy for which it changes every 3 months, two days ago password expired and was changed as usual, however the account get's locked out every minute while Event ID 529 logs "only" on the Exchange Server:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 23/10/2008
Time: 09:08:08 a.m.
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ronald
Domain: ronald
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYSERVER
Caller User Name: MYSERVER$
Caller Domain: RONALD
Caller Logon ID: (0x0,0x000)
Caller Process ID: 1308
Transited Services: -
Source Network Address: -
Source Port: -

- Message is loged 3 times one per each user, username, username@mail, username@mail.company.com

First, I have verified on each Server that there are no procecess starting with this user account
Then, after tracking the Server where error is issued, I stopped IIS supposing that as Advapi is an impersonation process, the error could reside somewhere in IIS, and found out finally that the problem happens only when "SMTP" is running, I have stopped the SMTP service and problem seems to stop (as the corporate mail does also :-))

I have to mention that near end of may I have installed Outlook 2008 which may have a relation, but as the mail account resides on the user computer, when it is shutted down, the problem should stop; the case is that the problem still happens even if there are no mail clients working (looks like it resides on the Mailbox itself). Also mailbox was scanned for virus & spyware and it seems to be clean.

Thanks,

Ronald
0
Comment
Question by:bpco
2 Comments
 
LVL 1

Accepted Solution

by:
WideAreaMedia earned 250 total points
ID: 22786232
Have a look at http://blogs.msdn.com/puneetgupta/archive/2007/08/20/unknown-username-or-bad-password-inetinfo-exe-advapi.aspx. This seems to match your situation.

Best Regards,
Martin
0
 

Author Comment

by:bpco
ID: 22790405
Problem solved, I user WinDBG & WireLink, I recall of an application authenticates to smtp server / send mail alerts through username

Thanks Martin
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now