Solved

User account locks out every 1 minute and Exchange Server logs message 529 for process "advapi"

Posted on 2008-10-23
2
794 Views
Last Modified: 2016-06-12
Domain Controller is a Windows 2003 Server with SP2, Exchange Server is a Windows 2003 Server with SP2 and Exchange 2003 with SP2 (Build 7638.2: Service Pack 2)
The account "username" exists for over 6 years under password security policy for which it changes every 3 months, two days ago password expired and was changed as usual, however the account get's locked out every minute while Event ID 529 logs "only" on the Exchange Server:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 23/10/2008
Time: 09:08:08 a.m.
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ronald
Domain: ronald
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYSERVER
Caller User Name: MYSERVER$
Caller Domain: RONALD
Caller Logon ID: (0x0,0x000)
Caller Process ID: 1308
Transited Services: -
Source Network Address: -
Source Port: -

- Message is loged 3 times one per each user, username, username@mail, username@mail.company.com

First, I have verified on each Server that there are no procecess starting with this user account
Then, after tracking the Server where error is issued, I stopped IIS supposing that as Advapi is an impersonation process, the error could reside somewhere in IIS, and found out finally that the problem happens only when "SMTP" is running, I have stopped the SMTP service and problem seems to stop (as the corporate mail does also :-))

I have to mention that near end of may I have installed Outlook 2008 which may have a relation, but as the mail account resides on the user computer, when it is shutted down, the problem should stop; the case is that the problem still happens even if there are no mail clients working (looks like it resides on the Mailbox itself). Also mailbox was scanned for virus & spyware and it seems to be clean.

Thanks,

Ronald
0
Comment
Question by:bpco
2 Comments
 
LVL 1

Accepted Solution

by:
WideAreaMedia earned 250 total points
ID: 22786232
Have a look at http://blogs.msdn.com/puneetgupta/archive/2007/08/20/unknown-username-or-bad-password-inetinfo-exe-advapi.aspx. This seems to match your situation.

Best Regards,
Martin
0
 

Author Comment

by:bpco
ID: 22790405
Problem solved, I user WinDBG & WireLink, I recall of an application authenticates to smtp server / send mail alerts through username

Thanks Martin
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now