asked on
AD accounts not getting locked out properly ID 4771
Hello,
I'm receiving many event ID's for 4771 on several domain controllers where I'm getting the below information with many authentication failures but the user accounts are not getting locked out when the default domain policy is set to lockout after 3 unsuccessful attempts. Any thoughts? Thanks
4771,AUDIT FAILURE,Microsoft-Windows-
I'm receiving many event ID's for 4771 on several domain controllers where I'm getting the below information with many authentication failures but the user accounts are not getting locked out when the default domain policy is set to lockout after 3 unsuccessful attempts. Any thoughts? Thanks
4771,AUDIT FAILURE,Microsoft-Windows-
Microsoft Legacy OSActive Directory
Last Comment
jacksonwsa
ASKER
I'm seeing like 8 failures in a day on this first account I'm looking at. Here is our default domain policy specifically the password piece.
Policy Setting
Enforce password history 5 passwords remembered
Maximum password age 45 days
Minimum password age 1 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 10080 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 4320 minutes
Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
Policy Setting
Enforce password history 5 passwords remembered
Maximum password age 45 days
Minimum password age 1 days
Minimum password length 8 characters
Password must meet complexity requirements Enabled
Store passwords using reversible encryption Disabled
Account Policies/Account Lockout Policyhide
Policy Setting
Account lockout duration 10080 minutes
Account lockout threshold 3 invalid logon attempts
Reset account lockout counter after 4320 minutes
Account Policies/Kerberos Policyhide
Policy Setting
Enforce user logon restrictions Enabled
Maximum lifetime for service ticket 600 minutes
Maximum lifetime for user ticket 10 hours
Maximum lifetime for user ticket renewal 7 days
Maximum tolerance for computer clock synchronization 5 minutes
What is your Reset Account Lockout Counter After setting?
Go through this as well to make sure all settings are set correctly
http://technet.microsoft.com/en-us/library/cc781491(v=ws.10).aspx
Run gpupdate on client
Run gpresult see if the policy is applying or not to the users
Go through this as well to make sure all settings are set correctly
http://technet.microsoft.com/en-us/library/cc781491(v=ws.10).aspx
Run gpupdate on client
Run gpresult see if the policy is applying or not to the users
ASKER
I confirmed the policy is applying to two of the users
Alright check those settings
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I've dug into the logs and I think I'm making progress on this. Thanks for your help
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for jacksonwsa's comment #a38757651
for the following reason:
This was never resolved
Accepted answer: 0 points for jacksonwsa's comment #a38757651
for the following reason:
This was never resolved
Are your default settings set to a short grace period?