• Status: Solved
  • Priority: Medium
  • Security: Public

Account lockout issue in Windows 2003 server AD

Hi,

We have a Windows 2003 Server Active Directory environment (with Service Pack 2).

Problem details:
All system accounts are getting locked automatically.

Event ID:675
Description:  Pre-authentication failed

Kindly suggest..
0
Amitmane
Asked:
2 Solutions
 
Kruno Džoić (System Engineer) Commented:
Change the Group Policy setting that locks the account after 3 bad passwords to 10.
0
 
Vinchenzo-the-Second Commented:
You've not changed the passwords on these accounts, have you? Were any updates applied on the DCs before this started to happen?
0
 
Amitmane (Author) Commented:
In Group Policy it is 5 invalid passwords.

We have not changed the password of those accounts, and no updates were applied on the DC.
0
 
Amitmane (Author) Commented:
Also checked by disabling the account lockout policy from Group Policy, but not resolved.
0
 
Share-IT Commented:
Are the passwords for the service accounts set to expire?

The event you see is triggered when someone uses an incorrect password for a valid account.

If it's ALL service accounts, my guess is something or someone updated a policy that set all users' passwords to expire.
0
 
Vinchenzo-the-Second Commented:
You can see what device is triggering the authentication, but you need to search the security log on the DC(s) for event IDs 529, 644, 675, 676, 681. If you have a number of DCs you can use EventComb to search the logs for you.
0
 
Share-IT Commented:
You will likely need to reset the passwords manually via ADUC.
0
 
Vinchenzo-the-Second Commented:
Once you reset the passwords using ADUC you need to also change the password on the service for that account, as it will hold the old password.
0
 
Share-IT Commented:
Unless you set it to the existing password of course. ;)
0
 
Amitmane (Author) Commented:
Even if we reset the password, it's getting locked after some time, and all AD users are complaining of the same.
0
 
Vinchenzo-the-Second Commented:
You need to find where the lockouts are coming from. You need to search the security log for event IDs 529, 644, 675, 676, 681. This will tell you the machine that is locking out the account.
0
 
Share-IT Commented:
Are we talking ALL accounts or just a few here and there?

As has been said, you need to find out what machine is locking it out, as it could be a brute force attack.

Do the eventlogs on the DCs reveal any other errors that should be a cause for concern?
0
 
Amitmane (Author) Commented:
It is not about a particular machine. All user accounts are getting locked.
0
 
Amitmane (Author) Commented:
In the event logs, it is generating event ID 675.
0
 
Vinchenzo-the-Second Commented:
When you say all accounts, is this also normal user accounts?
0
 
Amitmane (Author) Commented:
Yes.....
0
 
Amitmane (Author) Commented:
Is there any Windows update which needs to be applied?
0
 
Vinchenzo-the-Second Commented:
Are your DCs and clients up to date with the latest Microsoft patches?
0
 
Kruno Džoić (System Engineer) Commented:
Probably you have a worm (or similar pests) in your network; check events for login attempts.
0
 
Kruno Džoić (System Engineer) Commented:
Do you use a VPN?

From some website:

"The VPN username is the same as the Windows account username, but the passwords are different (because the VPN connects to a firewall, not a Windows server), however when accessing network resources Windows seems to be trying the VPN credentials first - because the account name is the same, the password failures cause the Windows account to become locked."
0
 
Amitmane (Author) Commented:
Yes, the DC and client PCs are updated with the latest patches.
0
 
Vinchenzo-the-Second Commented:
This may help:
http://forum.kaspersky.com/index.php?showtopic=98887

You may have the Net-Worm.Win32.Kido.xx virus. Look at the Microsoft article:
http://support.microsoft.com/?scid=kb%3Ben-us%3B962007&x=14&y=17

0
 
SeaSenor Commented:
What is the error code? (not event ID)
0
 
SeaSenor Commented:
or "Failure Code" rather...
0
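
Added example (not posted by anyone in this thread): one way to carry out the log search suggested above, grouping event 675 records exported from the DC security logs by Client Address and decoding the Failure Code asked about in the previous comments. The field labels assume the Windows Server 2003 description layout of event 675, the sample records are constructed, and the failure-code meanings are the Kerberos error numbers from RFC 4120.

```python
import re
from collections import defaultdict

# Kerberos error numbers (RFC 4120) as shown in the "Failure Code" field.
FAILURE_CODES = {
    "0x12": "credentials revoked (account disabled, expired or locked out)",
    "0x17": "password has expired",
    "0x18": "pre-authentication failed (wrong password)",
    "0x25": "clock skew too great",
}
FIELD = re.compile(r"^\s*(User Name|Failure Code|Client Address):\s*(\S+)\s*$", re.M)

# Constructed sample records (user, failure code, client address); not real log data.
ROWS = [("alice", "0x18", "10.0.0.57"), ("bob", "0x18", "10.0.0.57"),
        ("carol", "0x18", "10.0.0.57"), ("svc_backup", "0x18", "10.0.0.57"),
        ("alice", "0x12", "10.0.0.57"), ("dave", "0x18", "10.0.0.12"),
        ("dave", "0x18", "10.0.0.12")]
SAMPLE = "\n\n".join(
    f"Pre-authentication failed:\n\tUser Name:\t{u}\n\tFailure Code:\t{c}\n\tClient Address:\t{a}"
    for u, c, a in ROWS)

def parse_events(text):
    """Return one dict per event 675 description found in the exported text."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(FIELD.findall(block))
        if len(fields) == 3:  # skip records missing any of the three fields
            events.append(fields)
    return events

def summarize(events):
    """Group failures by client address: count, distinct users, failure codes."""
    by_source = defaultdict(lambda: {"failures": 0, "users": set(), "codes": set()})
    for ev in events:
        entry = by_source[ev["Client Address"]]
        entry["failures"] += 1
        entry["users"].add(ev["User Name"].lower())
        entry["codes"].add(ev["Failure Code"].lower())
    return dict(by_source)

def suspicious_sources(summary, min_users=3):
    """One address failing for many different accounts points at a single host."""
    return sorted(addr for addr, s in summary.items() if len(s["users"]) >= min_users)

if __name__ == "__main__":
    summary = summarize(parse_events(SAMPLE))
    for addr in suspicious_sources(summary):
        codes = ", ".join(f"{c}: {FAILURE_CODES.get(c, 'unknown')}" for c in sorted(summary[addr]["codes"]))
        print(addr, summary[addr]["failures"], sorted(summary[addr]["users"]), codes)
```

A single address that fails pre-authentication for many unrelated accounts is the machine to isolate and scan first; an address that fails repeatedly for one account more often points to a stale stored password on that host.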
 
Amitmane (Author) Commented:
Partially agree.
0
Question has a verified solution.
