[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Account Locks out frequently

Posted on 2008-11-06
4
Medium Priority
?
1,181 Views
Last Modified: 2013-12-07
We have one user and their account keeps getting locked out. We have LockoutStatus.exe running on the DC and it seems that there is a bad password attempt about every 10 minutes. There are no security logs on the user's computer or the DC that coorespond to any of the times that the account has been locked. We have shut his computer off and monitored his account. With the computer off the account still locked, so we have determined that it is another computer on the network. How can I find what computer is causing this issue. I have also tried using EventCombMT and it founf nothing. Anyone have any ideas? The workstations are all running XP and the DC is running Server 2003.
Thanks.
0
Comment
Question by:Synergon
  • 2
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
i2q2 earned 2000 total points
ID: 22897107
Check if Account Audit is enabled on the server. If this is enabled then you should have the logs of Bad logins which should give you an idea about where the attempts are coming from. Looks like it a system service that is trying to logon using the user account.
0
 

Author Comment

by:Synergon
ID: 22898388
Thank you that did help. I enabled account audit on the DC and was able to find the logs where it was locking the account. I am a little confused about the results. It says that the Logon was attempted by MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
and that the source workstation is our exchange server.

Here is what the security event says:


Date: 11/6/2008     Source: Security
Time: 1:21:09          Category: Account Logon
Type: Failure Aud    Event ID: 680
User: NT AUTHORITY\SYSTEM
Computer: DC

Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      user's email address
 Source Workstation:      Exchange server
 Error Code:      0xC000006A


Any further help would be greatly appreciated. Thanks
0
 
LVL 3

Expert Comment

by:i2q2
ID: 22899138
0
 

Author Comment

by:Synergon
ID: 22931446
Thank you for your help. We were able to track the problem down to a misconfigured blackberry.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Large and small networks have one same need, Service monitoring. Service monitoring consists of watch services of the several servers in the network. To monitor means that the administrator will receive an alert when a service is down or it's state …
Introduction Many times we come across a slowness or instability between two hosts, and almost always we blame the poor networking guys, just because they're an easy target.  Sometimes we forget that other factors including disk bottlenecks, CPU …
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Suggested Courses
Course of the Month17 days, 23 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question