Solved

User account locks out every 1 minute and Exchange Server logs message 529 for process "advapi"

Posted on 2008-10-23
2
799 Views
Last Modified: 2016-06-12
Domain Controller is a Windows 2003 Server with SP2, Exchange Server is a Windows 2003 Server with SP2 and Exchange 2003 with SP2 (Build 7638.2: Service Pack 2)
The account "username" exists for over 6 years under password security policy for which it changes every 3 months, two days ago password expired and was changed as usual, however the account get's locked out every minute while Event ID 529 logs "only" on the Exchange Server:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 23/10/2008
Time: 09:08:08 a.m.
User: NT AUTHORITY\SYSTEM
Computer: MYSERVER
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: ronald
Domain: ronald
Logon Type: 3
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: MYSERVER
Caller User Name: MYSERVER$
Caller Domain: RONALD
Caller Logon ID: (0x0,0x000)
Caller Process ID: 1308
Transited Services: -
Source Network Address: -
Source Port: -

- Message is loged 3 times one per each user, username, username@mail, username@mail.company.com

First, I have verified on each Server that there are no procecess starting with this user account
Then, after tracking the Server where error is issued, I stopped IIS supposing that as Advapi is an impersonation process, the error could reside somewhere in IIS, and found out finally that the problem happens only when "SMTP" is running, I have stopped the SMTP service and problem seems to stop (as the corporate mail does also :-))

I have to mention that near end of may I have installed Outlook 2008 which may have a relation, but as the mail account resides on the user computer, when it is shutted down, the problem should stop; the case is that the problem still happens even if there are no mail clients working (looks like it resides on the Mailbox itself). Also mailbox was scanned for virus & spyware and it seems to be clean.

Thanks,

Ronald
0
Comment
Question by:bpco
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 1

Accepted Solution

by:
WideAreaMedia earned 250 total points
ID: 22786232
Have a look at http://blogs.msdn.com/puneetgupta/archive/2007/08/20/unknown-username-or-bad-password-inetinfo-exe-advapi.aspx. This seems to match your situation.

Best Regards,
Martin
0
 

Author Comment

by:bpco
ID: 22790405
Problem solved, I user WinDBG & WireLink, I recall of an application authenticates to smtp server / send mail alerts through username

Thanks Martin
0

Featured Post

[Webinar] Code, Load, and Grow

Managing multiple websites, servers, applications, and security on a daily basis? Join us for a webinar on May 25th to learn how to simplify administration and management of virtual hosts for IT admins, create a secure environment, and deploy code more effectively and frequently.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question