Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Server 2008 accounts keep getting locked out.

Posted on 2011-02-28
4
Medium Priority
?
1,085 Views
Last Modified: 2012-05-11
I am having continual and repettative account lockouts on 2 different locations on 2 different domain controllers (without a domain trust in place) .

I need to know if there is a way to determine the source of the problem. i.e what machine is attempting logon with the wrong password etc.

i am finding that even the master domain account is being locked as well.

As a matter of fact one time it was EVERY account on one of the DC's except my own personal account.
0
Comment
Question by:cc-admin
4 Comments
 
LVL 9

Expert Comment

by:Timothy McCartney
ID: 35001665
Have you checked the security section of the event log?
0
 

Author Comment

by:cc-admin
ID: 35001896
yes. i dont see anything obvious. it only showed one machine fail and it was using the old server address and not the new one. But that does not explain the other accounts being locked out as well.

It appears to only be Domain Admin accounts being locked out.

Any other ideas?
0
 
LVL 10

Expert Comment

by:abbright
ID: 35004402
In the security log you should be able to find information about unsuccessful logins. In some of these log-entries you can find the source address of the request.
0
 
LVL 10

Accepted Solution

by:
pand0ra_usa earned 2000 total points
ID: 35010035
The last part sounds like someone is trying to brute-force your accounts and that is why your accounts are being locked out.

Type in rsop at the command line. Go to Computer Configuration, Windows Settings, Local Policies, Audit Policy. We need to make sure auditing is still enabled.

Check the Audit account on logon events and Audit logon events is set to Success, Failure. You may also want to check Audit account management for the same setting as that might also provide insight.

If these are already set to those settings I would search/filter for Event ID 4625 (or other logon failure codes).

Status and Sub Status Codes       Description (not checked against "Failure Reason:")
0xC0000064       user name does not exist
0xC000006A       user name is correct but the password is wrong
0xC0000234       user is currently locked out
0xC0000072       account is currently disabled
0xC000006F       user tried to logon outside his day of week or time of day restrictions
0xC0000070       workstation restriction
0xC0000193       account expiration
0xC0000071       expired password
0xC0000133       clocks between DC and other computer too far out of sync
0xC0000224       user is required to change password at next logon
0xC0000225       evidently a bug in Windows and not a risk
0xc000015b       The user has not been granted the requested logon type (aka logon right) at this machine
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
Securing your business data in current era should be your biggest priority. Numerous people are unaware of the fact that insiders commit more than 60 percent of security breaches. You need to figure out the underlying cause and invoke your potential…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

963 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question