Solved

User accounts being locked out.  event id 675

Posted on 2012-03-12
5
698 Views
Last Modified: 2012-04-03
I have multiple users that are being locked out of their accounts.  Some of them are being locked out very quickly.

I have a 2003 domain with a Vista, Windows 7, and a few XP machines left.  All my DC's are 2003, I have one at each of 6 locations.  Users from 4 locations have reported being locked out.  There are about 1400 users on the domain.

This is the error I am receiving:


Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      675
Date:            3/12/2012
Time:            8:45:42 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ADMDC03
Description:
Pre-authentication failed:
       User Name:      bblake
       User ID:            DOMAIN\bblake
       Service Name:      krbtgt/mydomain.LOCAL
       Pre-Authentication Type:      0x2
       Failure Code:      0x18
       Client Address:      10.0.10.76


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0
Comment
Question by:spacoit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709807
Have a look at http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=675

"TGT failures are usually due to a bad password or time synchronization between workstation and domain controller."

If this just started today you could have some servers or workstations that didn't update with DST.

Failure code 0x18 (24 in decimal) most likely means the user entered their password wrong.  It could also be they are logged into a second location and have changed their password, this is the biggest reason I see for account lockouts on our network.  I have also seen software that installs a windows service as the user instead of the local system causing authentication failures after a password change.
0
 

Author Comment

by:spacoit
ID: 37709886
Thanks I will take a look at the link you sent.

This issue has been happening for a couple months now.  First it was just one or two users, but each week it is happening to more.

Some of the users do log on to multiple machines, but some do not.
0
 
LVL 5

Expert Comment

by:rkeith2412
ID: 37709925
Even if it has been happening for a while you could still have a timing issue if some of the workstations are not getting time updates from the PDC.
0
 

Accepted Solution

by:
spacoit earned 0 total points
ID: 37782803
Turned out to the user had store her credentials in the MS keymgr.

used "control keymgr.dll" from command prompt to open the key manager.  Deleted her saved settings and all was well.
0
 

Author Closing Comment

by:spacoit
ID: 37800008
This is the solution that worked for me.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question