Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Changed Domain Administrator Password, now getting Audit Failures 2008R2

Posted on 2014-01-29
4
Medium Priority
?
293 Views
1 Endorsement
Last Modified: 2014-03-05
I changed a Domain Administrator's Password 2 weeks ago and it keeps getting locked out.  We are getting Kerberos pre-authentication failed every couple of minutes. Event ID 4771 and then it locks out the account.

We have check all services running on all servers (even shut down our spiceworks server) and the problem does not go away.

We use DFSR.

I can't find anyway to tell where the login attempts are occurring from.

Any help would be greatly appreciated.
1
Comment
Question by:BFanguy
  • 3
4 Comments
 
LVL 23

Expert Comment

by:Patrick Bogers
ID: 39818773
In security event log you should see where the request is coming from.
Can be a share to the DC, can be back-up software, can be SCOM client etcetera.

Please tell me more if above does not help
0
 

Author Comment

by:BFanguy
ID: 39833140
I spent some time this weekend and this is what I am speculating.

Most of our workstations were at some time or another logged into by our old domain admin account (MyAdmin).

We have changed MyAdmin's password on the domain, now it looks like the domain controllers are doing a pass on all workstations for pre authentication of stored credentials and it is seeing all of these old passwords and failing.  After ~ 100 pre authentication fails it locks the myadmin account.

Anyone ever hear of something like this?  is there a script I can run to clean off all of these workstations credentials?
0
 

Accepted Solution

by:
BFanguy earned 0 total points
ID: 39895018
I opened a case with Microsoft and we worked on it for weeks.  I wound up change the domain account's password back to what it was for 1 week and then changed the password again and the errors stopped.
0
 

Author Closing Comment

by:BFanguy
ID: 39905884
found the error myself
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
A procedure for exporting installed hotfix details of remote computers using powershell
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question