InSearchOf

asked on

Logging 537,539,1083,1955,700 and 701 error on DC

A few months back I added a second DC on my network. The installation and configuration went OK. I added AD, DNS and WINS. It passed DCDiag and Netdiag. I recently started getting errors in my event viewer on both DCs in the Directory Service and Security logs. I have attached a text file with some of the entries. The last entry in the file is due to an account lockout, but it happened at a time when no one was at the location.

Events.txt
SOLUTION
Americom
This solution is only available to members.
SOLUTION
Chris Hudson

ASKER CERTIFIED SOLUTION
Chris Hudson

Adding to my previous notes...

First priority: find the root cause of the account lockout
http://support.microsoft.com/kb/315585

If the login attempts are from different servers, check for the Conficker virus
http://technet.microsoft.com/en-us/security/dd452420.aspx
InSearchOf

ASKER

Thanks for the suggestions. I will try them. As far as the DCs go, they are both 2003 Servers and there are no NT4 servers or workstations. The workstations are mostly XP Pro with some 2000 workstations and a few 2000 Servers running SP4. The function level of the DCs is set to 2003.
Chrishudson123, this procedure for troubleshooting account lockouts does not work on 64-bit machines. I tried a while back and it would not work and it did not work for me. Even the Technet article says it is for a 32-bit platform. Is there something I can use on 64-bit machines?
This is what I was alluding to:

https://www.experts-exchange.com/questions/23132123/Computer-failed-to-join-or-logon-to-domain-days-later-after-reboot.html

Do you see the "$" dollar sign at the end of your security log entry, or are you seeing the same symptoms as the above thread? That $ sign is usually a dead giveaway. You may have once had an old NT4 machine in there that your clients logged onto using NTLM authentication and those specific clients have not made the changes back to Kerberos authentication.
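The two checks suggested in this thread (whether the failures come from several hosts, and whether the account name ends in "$") can be run over an exported Security log. The following is an added example, not code from the thread: the sample entries are constructed, and the "Field: value" layout for events 537/539 is an assumption about how the export looks.

```python
import re
from collections import defaultdict

# Constructed sample (names and hosts are made up); the "Field: value" layout
# is an assumed text export of logon-failure events 537 and 539.
SAMPLE = """\
Event ID: 539
User Name: jsmith
Authentication Package: NTLM
Workstation Name: WS-014

Event ID: 539
User Name: jsmith
Authentication Package: NTLM
Workstation Name: SRV-FILE2

Event ID: 537
User Name: WS-022$
Authentication Package: Kerberos
Workstation Name: WS-022
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")

def parse_events(text):
    """Split on blank lines; return one dict of 'Field: value' pairs per event."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(m.groups() for m in map(FIELD.match, block.splitlines()) if m)
        if fields.get("Event ID") in ("537", "539"):
            events.append(fields)
    return events

def triage(events):
    """Per account: failure count, source hosts, auth packages, machine-account flag."""
    report = defaultdict(lambda: {"failures": 0, "sources": set(), "packages": set()})
    for ev in events:
        entry = report[ev.get("User Name", "?")]
        entry["failures"] += 1
        entry["sources"].add(ev.get("Workstation Name", "?"))
        entry["packages"].add(ev.get("Authentication Package", "?"))
    for user, entry in report.items():
        entry["machine_account"] = user.endswith("$")   # computer account
        entry["multi_source"] = len(entry["sources"]) > 1  # several hosts involved
    return dict(report)

if __name__ == "__main__":
    for user, entry in triage(parse_events(SAMPLE)).items():
        print(user, entry)
```
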