Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

User accounts being locked out.  event id 675

Posted on 2012-03-12
5
Medium Priority
?
705 Views
Last Modified: 2012-04-03
I have multiple users that are being locked out of their accounts.  Some of them are being locked out very quickly.

I have a 2003 domain with a Vista, Windows 7, and a few XP machines left.  All my DC's are 2003, I have one at each of 6 locations.  Users from 4 locations have reported being locked out.  There are about 1400 users on the domain.

This is the error I am receiving:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      675
Date:            3/12/2012
Time:            8:45:42 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ADMDC03
Description:
Pre-authentication failed:
       User Name:      bblake
       User ID:            DOMAIN\bblake
       Service Name:      krbtgt/mydomain.LOCAL
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      10.0.10.76


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:spacoit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709807
Have a look at http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675

"TGT failures are usually due to a bad password or time synchronization between workstation and domain controller."

If this just started today you could have some servers or workstations that didn't update with DST.

Failure code 0x18 (24 in decimal) most likely means the user entered their password wrong.  It could also be they are logged into a second location and have changed their password, this is the biggest reason I see for account lockouts on our network.  I have also seen software that installs a windows service as the user instead of the local system causing authentication failures after a password change.
0
 

Author Comment

by:spacoit
ID: 37709886
Thanks I will take a look at the link you sent.

This issue has been happening for a couple months now.  First it was just one or two users, but each week it is happening to more.

Some of the users do log on to multiple machines, but some do not.
0
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709925
Even if it has been happening for a while you could still have a timing issue if some of the workstations are not getting time updates from the PDC.
0
 

Accepted Solution

by:
spacoit earned 0 total points
ID: 37782803
Turned out to the user had store her credentials in the MS keymgr.

used "control keymgr.dll" from command prompt to open the key manager.  Deleted her saved settings and all was well.
0
 

Author Closing Comment

by:spacoit
ID: 37800008
This is the solution that worked for me.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question