?
Solved

User account locks out every 1 minute and Exchange Server logs message 529 for process "advapi"

Posted on 2008-10-23
2
Medium Priority
?
807 Views
Last Modified: 2016-06-12
Domain Controller is a Windows 2003 Server with SP2, Exchange Server is a Windows 2003 Server with SP2 and Exchange 2003 with SP2 (Build 7638.2: Service Pack 2)
The account "username" exists for over 6 years under password security policy for which it changes every 3 months, two days ago password expired and was changed as usual, however the account get's locked out every minute while Event ID 529 logs "only" on the Exchange Server:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 23/10/2008
Time: 09:08:08 a.m.
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ronald
Domain: ronald
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYSERVER
Caller User Name: MYSERVER$
Caller Domain: RONALD
Caller Logon ID: (0x0,0x000)
Caller Process ID: 1308
Transited Services: -
Source Network Address: -
Source Port: -

- Message is loged 3 times one per each user, username, username@mail, username@mail.company.com

First, I have verified on each Server that there are no procecess starting with this user account
Then, after tracking the Server where error is issued, I stopped IIS supposing that as Advapi is an impersonation process, the error could reside somewhere in IIS, and found out finally that the problem happens only when "SMTP" is running, I have stopped the SMTP service and problem seems to stop (as the corporate mail does also :-))

I have to mention that near end of may I have installed Outlook 2008 which may have a relation, but as the mail account resides on the user computer, when it is shutted down, the problem should stop; the case is that the problem still happens even if there are no mail clients working (looks like it resides on the Mailbox itself). Also mailbox was scanned for virus & spyware and it seems to be clean.

Thanks,

Ronald
0
Comment
Question by:bpco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
WideAreaMedia earned 750 total points
ID: 22786232
Have a look at http://blogs.msdn.com/puneetgupta/archive/2007/08/20/unknown-username-or-bad-password-inetinfo-exe-advapi.aspx. This seems to match your situation.

Best Regards,
Martin
0
 

Author Comment

by:bpco
ID: 22790405
Problem solved, I user WinDBG & WireLink, I recall of an application authenticates to smtp server / send mail alerts through username

Thanks Martin
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Phishing attempts can come in all forms, shapes and sizes. No matter how familiar you think you are with them, always remember to take extra precaution when opening an email with attachments or links.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question