Solved

User accounts being locked out.  event id 675

Posted on 2012-03-12
5
693 Views
Last Modified: 2012-04-03
I have multiple users that are being locked out of their accounts.  Some of them are being locked out very quickly.

I have a 2003 domain with a Vista, Windows 7, and a few XP machines left.  All my DC's are 2003, I have one at each of 6 locations.  Users from 4 locations have reported being locked out.  There are about 1400 users on the domain.

This is the error I am receiving:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      675
Date:            3/12/2012
Time:            8:45:42 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ADMDC03
Description:
Pre-authentication failed:
       User Name:      bblake
       User ID:            DOMAIN\bblake
       Service Name:      krbtgt/mydomain.LOCAL
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      10.0.10.76


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:spacoit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709807
Have a look at http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675

"TGT failures are usually due to a bad password or time synchronization between workstation and domain controller."

If this just started today you could have some servers or workstations that didn't update with DST.

Failure code 0x18 (24 in decimal) most likely means the user entered their password wrong.  It could also be they are logged into a second location and have changed their password, this is the biggest reason I see for account lockouts on our network.  I have also seen software that installs a windows service as the user instead of the local system causing authentication failures after a password change.
0
 

Author Comment

by:spacoit
ID: 37709886
Thanks I will take a look at the link you sent.

This issue has been happening for a couple months now.  First it was just one or two users, but each week it is happening to more.

Some of the users do log on to multiple machines, but some do not.
0
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709925
Even if it has been happening for a while you could still have a timing issue if some of the workstations are not getting time updates from the PDC.
0
 

Accepted Solution

by:
spacoit earned 0 total points
ID: 37782803
Turned out to the user had store her credentials in the MS keymgr.

used "control keymgr.dll" from command prompt to open the key manager.  Deleted her saved settings and all was well.
0
 

Author Closing Comment

by:spacoit
ID: 37800008
This is the solution that worked for me.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question