Solved

account lockout

Posted on 2009-04-10
4
239 Views
Last Modified: 2012-05-06
I have recently found a user that is being locked out-what seems about every hour.  i used the eventcombs and accountlockout status to determine where and what.
today I found on one of my 2003 servers this user was locked out with a 644 code after getting three of these;
events 675 three times.
Pre-authentication failed:
       User Name:      user1
       User ID:            domain\user1
       Service Name:      krbtgt/domain
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      127.0.0.1


I have been reading alot of entries about services and scheduled tasks - which there are none at this point for this user.  in addition- I am confused by the "client address" this is comming from.

looking at the event log closed- authentication for this user is being initiated by "stystem".

not sure where to go for this now....suggestions comments.
0
Comment
Question by:dtooth71
  • 3
4 Comments
 
LVL 17

Expert Comment

by:Nik
ID: 24117345
You can use alockout.dll along with the locoutstatus.exe tool on the user's workstation, which should help  with figuring out what's going on with this specific account.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Regards,
Nik
0
 

Author Comment

by:dtooth71
ID: 24117690
I used the tools to get to the point I am now- the client address is 127.0.0.1 and this is coming from a server machine that I can not install these tools....
0
 

Author Comment

by:dtooth71
ID: 24129383
does anyone have an idea about the lockout comming from lookback address?
0
 

Accepted Solution

by:
dtooth71 earned 0 total points
ID: 24148900
i found the service that was locking the ccount out.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
In-place Upgrading Dirsync to Azure AD Connect
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

679 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question