Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Time: 9:06:36 AM
User: NT AUTHORITY\SYSTEM
Reason: Account locked out
User Name: rauser
Logon Type: 3 (netwrok logon)
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: rass006 (Application hosting machine)
Caller User Name: s-ra_ser (Service account)
Caller Domain: rass (Domain Name)
Caller Logon ID: (0x0,0x126E6)
Caller Process ID: 1592 (PID relates to the process of the application)
Transited Services: -
Source Network Address: -
Source Port: -
I have an issue where in user accounts are getting locked out randomly in the security logs of the server I get several 529 authentication errors and randomly the account gets locked out with above error.
Looked at the above log I have been able to identify the service which is causing these lockouts but have not been able to stop them . I get 529 error even when the user for which the error pops up never tries to open the specific application.
This application upon opening does not prompt for authentication it takes the currently logged on credentials on the machine to authenticate the user. There is no where we can save the password & user name .
Please guide for further trouble shooting to find from which machine these requests are coming in if I am able to find out the source of these authentication requests I will be able to nail down the issue . I cannot use Alocout.dll on the server if there is a way to do it with netmon or wireshak ill be happy to do that .