Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
8 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
AD accounts not getting locked out properly ID 4771
Posted on 2012-12-27
Hello,
I'm receiving many event ID's for 4771 on several domain controllers where I'm getting the below information with many authentication failures but the user accounts are not getting locked out when the default domain policy is set to lockout after 3 unsuccessful attempts. Any thoughts? Thanks
4771,AUDIT FAILURE,Microsoft-Windows-
I'm receiving many event ID's for 4771 on several domain controllers where I'm getting the below information with many authentication failures but the user accounts are not getting locked out when the default domain policy is set to lockout after 3 unsuccessful attempts. Any thoughts? Thanks
4771,AUDIT FAILURE,Microsoft-Windows-
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
2
8 Comments
Over what time period are these failures occuring?
Are your default settings set to a short grace period?
Are your default settings set to a short grace period?
I'm seeing like 8 failures in a day on this first account I'm looking at. Here is our default domain policy specifically the password piece.
Policy Setting
Enforce password history 5 passwords remembered
Maximum password age 45 days
Minimum password age 1 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 10080 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 4320 minutes
Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Policy Setting
Enforce password history 5 passwords remembered
Maximum password age 45 days
Minimum password age 1 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 10080 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 4320 minutes
Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
What is your Reset Account Lockout Counter After setting?
Go through this as well to make sure all settings are set correctly
http://technet.microsoft.com/en-us/library/cc781491(v=ws.10).aspx
Run gpupdate on client
Run gpresult see if the policy is applying or not to the users
Go through this as well to make sure all settings are set correctly
http://technet.microsoft.com/en-us/library/cc781491(v=ws.10).aspx
Run gpupdate on client
Run gpresult see if the policy is applying or not to the users
Check your 'Reset account Lockout Counter After' setting. This determines how many minutes can elapse after each failed attempt. Your 8 attempts per day may be occuring far enough apart not to trigger the lockout.
http://technet.microsoft.com/en-us/library/cc784599%28v=ws.10%29.aspx
http://technet.microsoft.com/en-us/library/cc784599%28v=ws.10%29.aspx
I've requested that this question be closed as follows:
Accepted answer: 0 points for jacksonwsa's comment #a38757651
for the following reason:
This was never resolved
Accepted answer: 0 points for jacksonwsa's comment #a38757651
for the following reason:
This was never resolved
Featured Post
Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
- Windows 10
- Microsoft Legacy OS
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000, *Windows Explorer, *Internet Explorer (IE)
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 1 hour left to enroll
Earn Certification
MCSA Configuring Windows 7 Exam 70-680
$49.00$44.10
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.