Solved

Cached password causing AD account lockout

Posted on 2010-09-13
5
1,007 Views
Last Modified: 2013-12-04
Some of our users have started to use one of our customers SharePoint team site, they log on using their email address as the username and a password issued by the customer.

When they access the team site, they receive a standard windows login box, no option to save the password or not. After logging on and after a few minutes their account in our AD domain is locked out.

The email address is an acceptable username in our domain, so our theory is that the login information is saved/cached and then used as default on all authentication attempts (alot of which occurs in the background)

Seems that each activity (login, opening a document, changing folder etc) performed on the web site is causing 1 bad password attempt.

Security log on the dc shows the following:
675,AUDIT FAILURE,Security,Fri Sep 10 12:26:53 2010,NT AUTHORITY\SYSTEM,Pre-authentication failed:

Any ideas on how to solve this?
0
Comment
Question by:kogas
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:LaserSpot
ID: 33668593
You could clear passwords from the web browser (even though it didn't ask to remember one):
Internet Explorer -> Tools -> Internet options -> Delete -> Passwords

Is Windows remembering any passwords?
Start -> Run -> type: control keymgr.dll [Enter]
0
 
LVL 77

Expert Comment

by:arnold
ID: 33669816
The sharepoint server is likely on the domain, Check the security settings tab to make sure it is not trying to authenticate users against the AD first. NTLM auth.

0
 

Author Comment

by:kogas
ID: 33671159
We tried to delete the password history in IE, and also checked the credential manager.

The sharepoint server is not on our domain, but failed login attempts towards it does cause lockouts on our domain.

Can also mention that the url they are working on is included on our trusted sites.
0
 
LVL 77

Expert Comment

by:arnold
ID: 33672415
It is not possible.  An access to a remote server that is not part of the domain even with a cached password has no way of locking out the AD password.
Enable auditing to see the source of the authentication request.
What does the sharepoint authentication mechanism use?  Is it based on an SQL table?
0
 

Accepted Solution

by:
kogas earned 0 total points
ID: 33674548
Thanks for the help so far, but we figured it out.

Basicly it was a combination of windows integrated authentication beeing enabled, allowing IE to use Kerberos authentication, and with the username matching our internal UPN and Kerberos realm. In addition to this, the site they were accessing was on our list of trusted domains.
0

Featured Post

Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question