Solved

Changed Domain Administrator Password, now getting Audit Failures 2008R2

Posted on 2014-01-29
4
279 Views
1 Endorsement
Last Modified: 2014-03-05
I changed a Domain Administrator's Password 2 weeks ago and it keeps getting locked out.  We are getting Kerberos pre-authentication failed every couple of minutes. Event ID 4771 and then it locks out the account.

We have check all services running on all servers (even shut down our spiceworks server) and the problem does not go away.

We use DFSR.

I can't find anyway to tell where the login attempts are occurring from.

Any help would be greatly appreciated.
1
Comment
Question by:BFanguy
  • 3
4 Comments
 
LVL 20

Expert Comment

by:Patrick Bogers
ID: 39818773
In security event log you should see where the request is coming from.
Can be a share to the DC, can be back-up software, can be SCOM client etcetera.

Please tell me more if above does not help
0
 

Author Comment

by:BFanguy
ID: 39833140
I spent some time this weekend and this is what I am speculating.

Most of our workstations were at some time or another logged into by our old domain admin account (MyAdmin).

We have changed MyAdmin's password on the domain, now it looks like the domain controllers are doing a pass on all workstations for pre authentication of stored credentials and it is seeing all of these old passwords and failing.  After ~ 100 pre authentication fails it locks the myadmin account.

Anyone ever hear of something like this?  is there a script I can run to clean off all of these workstations credentials?
0
 

Accepted Solution

by:
BFanguy earned 0 total points
ID: 39895018
I opened a case with Microsoft and we worked on it for weeks.  I wound up change the domain account's password back to what it was for 1 week and then changed the password again and the errors stopped.
0
 

Author Closing Comment

by:BFanguy
ID: 39905884
found the error myself
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question