Solved

account lockout

Posted on 2009-04-10
4
238 Views
Last Modified: 2012-05-06
I have recently found a user that is being locked out-what seems about every hour.  i used the eventcombs and accountlockout status to determine where and what.
today I found on one of my 2003 servers this user was locked out with a 644 code after getting three of these;
events 675 three times.
Pre-authentication failed:
       User Name:      user1
       User ID:            domain\user1
       Service Name:      krbtgt/domain
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      127.0.0.1


I have been reading alot of entries about services and scheduled tasks - which there are none at this point for this user.  in addition- I am confused by the "client address" this is comming from.

looking at the event log closed- authentication for this user is being initiated by "stystem".

not sure where to go for this now....suggestions comments.
0
Comment
Question by:dtooth71
  • 3
4 Comments
 
LVL 17

Expert Comment

by:Nik
ID: 24117345
You can use alockout.dll along with the locoutstatus.exe tool on the user's workstation, which should help  with figuring out what's going on with this specific account.

http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Regards,
Nik
0
 

Author Comment

by:dtooth71
ID: 24117690
I used the tools to get to the point I am now- the client address is 127.0.0.1 and this is coming from a server machine that I can not install these tools....
0
 

Author Comment

by:dtooth71
ID: 24129383
does anyone have an idea about the lockout comming from lookback address?
0
 

Accepted Solution

by:
dtooth71 earned 0 total points
ID: 24148900
i found the service that was locking the ccount out.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question