Solved

Changed Domain Administrator Password, now getting Audit Failures 2008R2

Posted on 2014-01-29
4
286 Views
1 Endorsement
Last Modified: 2014-03-05
I changed a Domain Administrator's Password 2 weeks ago and it keeps getting locked out.  We are getting Kerberos pre-authentication failed every couple of minutes. Event ID 4771 and then it locks out the account.

We have check all services running on all servers (even shut down our spiceworks server) and the problem does not go away.

We use DFSR.

I can't find anyway to tell where the login attempts are occurring from.

Any help would be greatly appreciated.
1
Comment
Question by:BFanguy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39818773
In security event log you should see where the request is coming from.
Can be a share to the DC, can be back-up software, can be SCOM client etcetera.

Please tell me more if above does not help
0
 

Author Comment

by:BFanguy
ID: 39833140
I spent some time this weekend and this is what I am speculating.

Most of our workstations were at some time or another logged into by our old domain admin account (MyAdmin).

We have changed MyAdmin's password on the domain, now it looks like the domain controllers are doing a pass on all workstations for pre authentication of stored credentials and it is seeing all of these old passwords and failing.  After ~ 100 pre authentication fails it locks the myadmin account.

Anyone ever hear of something like this?  is there a script I can run to clean off all of these workstations credentials?
0
 

Accepted Solution

by:
BFanguy earned 0 total points
ID: 39895018
I opened a case with Microsoft and we worked on it for weeks.  I wound up change the domain account's password back to what it was for 1 week and then changed the password again and the errors stopped.
0
 

Author Closing Comment

by:BFanguy
ID: 39905884
found the error myself
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question