Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Cached password causing AD account lockout

Posted on 2010-09-13
5
1,009 Views
Last Modified: 2013-12-04
Some of our users have started to use one of our customers SharePoint team site, they log on using their email address as the username and a password issued by the customer.

When they access the team site, they receive a standard windows login box, no option to save the password or not. After logging on and after a few minutes their account in our AD domain is locked out.

The email address is an acceptable username in our domain, so our theory is that the login information is saved/cached and then used as default on all authentication attempts (alot of which occurs in the background)

Seems that each activity (login, opening a document, changing folder etc) performed on the web site is causing 1 bad password attempt.

Security log on the dc shows the following:
675,AUDIT FAILURE,Security,Fri Sep 10 12:26:53 2010,NT AUTHORITY\SYSTEM,Pre-authentication failed:

Any ideas on how to solve this?
0
Comment
Question by:kogas
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:LaserSpot
ID: 33668593
You could clear passwords from the web browser (even though it didn't ask to remember one):
Internet Explorer -> Tools -> Internet options -> Delete -> Passwords

Is Windows remembering any passwords?
Start -> Run -> type: control keymgr.dll [Enter]
0
 
LVL 77

Expert Comment

by:arnold
ID: 33669816
The sharepoint server is likely on the domain, Check the security settings tab to make sure it is not trying to authenticate users against the AD first. NTLM auth.

0
 

Author Comment

by:kogas
ID: 33671159
We tried to delete the password history in IE, and also checked the credential manager.

The sharepoint server is not on our domain, but failed login attempts towards it does cause lockouts on our domain.

Can also mention that the url they are working on is included on our trusted sites.
0
 
LVL 77

Expert Comment

by:arnold
ID: 33672415
It is not possible.  An access to a remote server that is not part of the domain even with a cached password has no way of locking out the AD password.
Enable auditing to see the source of the authentication request.
What does the sharepoint authentication mechanism use?  Is it based on an SQL table?
0
 

Accepted Solution

by:
kogas earned 0 total points
ID: 33674548
Thanks for the help so far, but we figured it out.

Basicly it was a combination of windows integrated authentication beeing enabled, allowing IE to use Kerberos authentication, and with the username matching our internal UPN and Kerberos realm. In addition to this, the site they were accessing was on our list of trusted domains.
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As I write this article, I am finishing cleanup from the Qakbot virus variant found in the wild on April 18, 2011.  It was a messy beast that had varying levels of infection, speculated as being dependent on how long it resided on the infected syste…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question