maximus81
asked on
Active Directory keeps locking
I have a user that recently changed her password and now her account locks throughout the day. I have checked her services and nothing is running as her. Here is what shows in the event viewer:
Event Type: Warning
Event Source: Kerberos
Event Category: None
Event ID: 14
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The password stored in Credential Manager is invalid. This might be caused by the user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential domain.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The Security System could not establish a secured connection with the server cifs/server.donain.COM. No authentication protocol was available.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The Security System detected an attempted downgrade attack for server cifs/server.doamin.COM. The failure code from authentication protocol Kerberos was "The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
(0xc0000234)".
Event Type: Warning
Event Source: Kerberos
Event Category: None
Event ID: 14
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The password stored in Credential Manager is invalid. This might be caused by the user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential domain.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40961
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The Security System could not establish a secured connection with the server cifs/server.donain.COM. No authentication protocol was available.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 7/3/2012
Time: 6:21:22 AM
User: N/A
Computer: ICN10272
Description:
The Security System detected an attempted downgrade attack for server cifs/server.doamin.COM. The failure code from authentication protocol Kerberos was "The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
(0xc0000234)".
Does she have a smartphone or networked device configured to check mail with her old credentials?
JJ
JJ
ASKER
She has a Blackberry device but that uses the server.
Perhaps the blackberry server is doing the query?
She most likely has a stored password on the Blackberry device or on her PC. Clear it out and I'm betting the problem goes away.
ASKER
I will check on the Blackberry server.
You are getting the error in device manager that the credential manager has a bad password stored. Have you changed the stored password like I suggested earlier?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Here is how to manage it: http://support.microsoft.com/kb/306992/EN-US
See the To Edit an Entry Step.