Synergon
asked on
Account Locks out frequently
We have one user and their account keeps getting locked out. We have LockoutStatus.exe running on the DC and it seems that there is a bad password attempt about every 10 minutes. There are no security logs on the user's computer or the DC that coorespond to any of the times that the account has been locked. We have shut his computer off and monitored his account. With the computer off the account still locked, so we have determined that it is another computer on the network. How can I find what computer is causing this issue. I have also tried using EventCombMT and it founf nothing. Anyone have any ideas? The workstations are all running XP and the DC is running Server 2003.
Thanks.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
The link below should help you in identifying the issue http://www.windowsecurity.com/articles/Deciphering-Authentication-Events-Domain-Controllers.html
ASKER
Thank you for your help. We were able to track the problem down to a misconfigured blackberry.
ASKER
and that the source workstation is our exchange server.
Here is what the security event says:
Date: 11/6/2008 Source: Security
Time: 1:21:09 Category: Account Logon
Type: Failure Aud Event ID: 680
User: NT AUTHORITY\SYSTEM
Computer: DC
Logon attempt by: MICROSOFT_AUTHENTICATION_P
Logon account: user's email address
Source Workstation: Exchange server
Error Code: 0xC000006A
Any further help would be greatly appreciated. Thanks