Solved

User account locks out every 1 minute and Exchange Server logs message 529 for process "advapi"

Posted on 2008-10-23
2
798 Views
Last Modified: 2016-06-12
Domain Controller is a Windows 2003 Server with SP2, Exchange Server is a Windows 2003 Server with SP2 and Exchange 2003 with SP2 (Build 7638.2: Service Pack 2)
The account "username" exists for over 6 years under password security policy for which it changes every 3 months, two days ago password expired and was changed as usual, however the account get's locked out every minute while Event ID 529 logs "only" on the Exchange Server:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 23/10/2008
Time: 09:08:08 a.m.
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ronald
Domain: ronald
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYSERVER
Caller User Name: MYSERVER$
Caller Domain: RONALD
Caller Logon ID: (0x0,0x000)
Caller Process ID: 1308
Transited Services: -
Source Network Address: -
Source Port: -

- Message is loged 3 times one per each user, username, username@mail, username@mail.company.com

First, I have verified on each Server that there are no procecess starting with this user account
Then, after tracking the Server where error is issued, I stopped IIS supposing that as Advapi is an impersonation process, the error could reside somewhere in IIS, and found out finally that the problem happens only when "SMTP" is running, I have stopped the SMTP service and problem seems to stop (as the corporate mail does also :-))

I have to mention that near end of may I have installed Outlook 2008 which may have a relation, but as the mail account resides on the user computer, when it is shutted down, the problem should stop; the case is that the problem still happens even if there are no mail clients working (looks like it resides on the Mailbox itself). Also mailbox was scanned for virus & spyware and it seems to be clean.

Thanks,

Ronald
0
Comment
Question by:bpco
2 Comments
 
LVL 1

Accepted Solution

by:
WideAreaMedia earned 250 total points
ID: 22786232
Have a look at http://blogs.msdn.com/puneetgupta/archive/2007/08/20/unknown-username-or-bad-password-inetinfo-exe-advapi.aspx. This seems to match your situation.

Best Regards,
Martin
0
 

Author Comment

by:bpco
ID: 22790405
Problem solved, I user WinDBG & WireLink, I recall of an application authenticates to smtp server / send mail alerts through username

Thanks Martin
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Lotus Notes – formerly IBM Notes – is an email client application, while IBM Domino (earlier Lotus Domino) is an email server. The client possesses a set of features that are even more advanced as compared to that of Outlook. Likewise, IBM Domino is…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question