MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 locks Windows 2003 Active Directory account - 0xC0000234

After resetting a user password through user manager, the account consistently gets locked every few seconds.  

Environment: Windows 2003 SP2 (two active directory servers)

Troubleshooting steps:
Unlock Account...
Reset PW
Removed from all groups   User was a domain admin (by design)
Turned off all users workstations
Turned on enhanced AD logging and get the Event ID: 680
Checked for errant network shares
Disabled/Re-enabled the account - When account is disabled MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 still attempts and gets a failure audit
Full Virus and Spyware scan
AD sync is working as expected
Checked all backup services and windows services for account in use
Checked services on and rebooted all domain and application servers
With domain controller 1 off, secondary got plagued with the same error.

I can re-enable the account and with Event Log or AccountLockout Status watch the failed attempts get chewed up.  I have been combing Microsoft and the rest of the web.  Any thoughts or suggestions would be appreciated.

Errors in Event Viewer (every few seconds over the past 48 hours)
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            11/13/2008
Time:            8:48:45 AM
User:            NT AUTHORITY\SYSTEM
Computer:      AD1 (Active Directory)
Description:
Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      jsmith
 Source Workstation:      
 Error Code:      0xC0000234


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            11/13/2008
Time:            9:18:13 AM
User:            NT AUTHORITY\SYSTEM
Computer:      AD1 (Active Directory)
Description:
Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
 Logon account:      jsmith
 Source Workstation:      
 Error Code:      0xC0000234
PMRSAsked:
Who is Participating?
 
ee_autoConnect With a Mentor Commented:
Question PAQ'd, 250 points refunded, and stored in the solution database.
0
 
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
The error code 0xC0000234 is just telling you that the user is locked out. Can you unlock the account and then look for an event with a different error code?


You might want to check the services and scheduled tasks to see if any are using that user to authenticate. If so, update the credentials.
1
 
PMRSAuthor Commented:
Thanks for the feedback.  The issue has been resolved.  
After 1.5 days of mind-numbing troubleshooting, I traced the issue back to a SQL 2005 instance.  Although the users credentials were not visibly in use on any of the databases, or services on this server& the server was running a HP Proliant monitoring tool.    Removing this tool and the associated database (and reloading) resolved the issue.  Users password has changed multiple times since, without issue.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.