Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Changed Domain Administrator Password, now getting Audit Failures 2008R2

Posted on 2014-01-29
4
Medium Priority
?
294 Views
1 Endorsement
Last Modified: 2014-03-05
I changed a Domain Administrator's Password 2 weeks ago and it keeps getting locked out.  We are getting Kerberos pre-authentication failed every couple of minutes. Event ID 4771 and then it locks out the account.

We have check all services running on all servers (even shut down our spiceworks server) and the problem does not go away.

We use DFSR.

I can't find anyway to tell where the login attempts are occurring from.

Any help would be greatly appreciated.
1
Comment
Question by:BFanguy
  • 3
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39818773
In security event log you should see where the request is coming from.
Can be a share to the DC, can be back-up software, can be SCOM client etcetera.

Please tell me more if above does not help
0
 

Author Comment

by:BFanguy
ID: 39833140
I spent some time this weekend and this is what I am speculating.

Most of our workstations were at some time or another logged into by our old domain admin account (MyAdmin).

We have changed MyAdmin's password on the domain, now it looks like the domain controllers are doing a pass on all workstations for pre authentication of stored credentials and it is seeing all of these old passwords and failing.  After ~ 100 pre authentication fails it locks the myadmin account.

Anyone ever hear of something like this?  is there a script I can run to clean off all of these workstations credentials?
0
 

Accepted Solution

by:
BFanguy earned 0 total points
ID: 39895018
I opened a case with Microsoft and we worked on it for weeks.  I wound up change the domain account's password back to what it was for 1 week and then changed the password again and the errors stopped.
0
 

Author Closing Comment

by:BFanguy
ID: 39905884
found the error myself
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question