Solved

Cached password causing AD account lockout

Posted on 2010-09-13
5
1,016 Views
Last Modified: 2013-12-04
Some of our users have started to use one of our customers SharePoint team site, they log on using their email address as the username and a password issued by the customer.

When they access the team site, they receive a standard windows login box, no option to save the password or not. After logging on and after a few minutes their account in our AD domain is locked out.

The email address is an acceptable username in our domain, so our theory is that the login information is saved/cached and then used as default on all authentication attempts (alot of which occurs in the background)

Seems that each activity (login, opening a document, changing folder etc) performed on the web site is causing 1 bad password attempt.

Security log on the dc shows the following:
675,AUDIT FAILURE,Security,Fri Sep 10 12:26:53 2010,NT AUTHORITY\SYSTEM,Pre-authentication failed:

Any ideas on how to solve this?
0
Comment
Question by:kogas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 9

Expert Comment

by:LaserSpot
ID: 33668593
You could clear passwords from the web browser (even though it didn't ask to remember one):
Internet Explorer -> Tools -> Internet options -> Delete -> Passwords

Is Windows remembering any passwords?
Start -> Run -> type: control keymgr.dll [Enter]
0
 
LVL 78

Expert Comment

by:arnold
ID: 33669816
The sharepoint server is likely on the domain, Check the security settings tab to make sure it is not trying to authenticate users against the AD first. NTLM auth.

0
 

Author Comment

by:kogas
ID: 33671159
We tried to delete the password history in IE, and also checked the credential manager.

The sharepoint server is not on our domain, but failed login attempts towards it does cause lockouts on our domain.

Can also mention that the url they are working on is included on our trusted sites.
0
 
LVL 78

Expert Comment

by:arnold
ID: 33672415
It is not possible.  An access to a remote server that is not part of the domain even with a cached password has no way of locking out the AD password.
Enable auditing to see the source of the authentication request.
What does the sharepoint authentication mechanism use?  Is it based on an SQL table?
0
 

Accepted Solution

by:
kogas earned 0 total points
ID: 33674548
Thanks for the help so far, but we figured it out.

Basicly it was a combination of windows integrated authentication beeing enabled, allowing IE to use Kerberos authentication, and with the username matching our internal UPN and Kerberos realm. In addition to this, the site they were accessing was on our list of trusted domains.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question