iamuser
asked on
user accounts are constantly locked out - need
I did a trace and found that most of the lockouts seem to originate from users going to the CAS system (Exchange 2010) via their mobile devices.
Ex. one of many that I see in the Event Viewer of the client access log. They are not all the same type but the same Event ID.
Subject:
    Security ID: NETWORK SERVICE
    Account Name: CASName$
    Account Domain: mydomain
    Logon ID: 0x3e4
Logon Type: 8
Account For Which Logon Failed:
    Security ID: NULL SID
    Account Name: staff@92y.org
    Account Domain:
Failure Information:
    Failure Reason: Unknown user name or bad password.
    Status: 0xc000006d
    Sub Status: 0xc0000064
Process Information:
    Caller Process ID: 0xa58
    Caller Process Name: F:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
Network Information:
    Workstation Name: CASName
I'm having a hard time understanding what some of these things mean. I've read the documents and stuff but I'm still a little unsure. Ex. below
- Logon type 8
- Caller Process Name: Windows\System32\inetsrv\w3wp.exe versus Caller Process Name: Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe (aren't they both going to OWA?)
At this point I'm trying to figure out if they locked their account first which caused their emails to fail or something on their mobile device failed which caused their accounts to be locked.
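Added example, not part of the original thread: one way to tabulate failed-logon events like the one pasted above by account, calling process and sub status, so the order of failures can be shown as evidence. The logon-type and sub-status meanings are standard Windows values; the server name, accounts and event text in the sample are constructed.

```python
import re
from collections import Counter

# Well-known Windows values (general knowledge, not taken from the thread).
LOGON_TYPES = {2: "Interactive", 3: "Network", 8: "NetworkCleartext"}
SUB_STATUS = {
    0xC0000064: "user name does not exist",
    0xC000006A: "wrong password",
    0xC0000234: "account locked out",
}
FIELD = re.compile(
    r"^\s*(Account Name|Logon Type|Sub Status|Caller Process Name):[ \t]*(.*)$", re.M)

def parse_event(text):
    """Turn one failed-logon event message into a dict of decoded fields."""
    names, raw = [], {}
    for key, value in FIELD.findall(text):
        if key == "Account Name":
            names.append(value.strip())
        else:
            raw[key] = value.strip()
    sub = int(raw.get("Sub Status", "0"), 16)
    ltype = int(raw.get("Logon Type", "0"))
    return {
        # 1st Account Name is the Subject (the server), 2nd is the failing account
        "target": names[1].lower() if len(names) > 1 else "",
        "process": raw.get("Caller Process Name", "").rsplit("\\", 1)[-1].lower(),
        "logon_type": LOGON_TYPES.get(ltype, str(ltype)),
        "reason": SUB_STATUS.get(sub, hex(sub)),
        # Only a wrong password against an existing account raises its bad-password count
        "counts_toward_lockout": sub == 0xC000006A,
    }

def summarize(events):
    """Count failures per (account, calling process, reason)."""
    return Counter((e["target"], e["process"], e["reason"]) for e in events)

# Constructed sample events (server, accounts and path are made up for illustration).
TEMPLATE = """Account Name: CAS01$
Logon Type: 8
Account Name: {acct}
Status: 0xc000006d
Sub Status: {sub}
Caller Process Name: C:\\Windows\\System32\\inetsrv\\w3wp.exe
"""
ROWS = [("vp1@example.test", "0xc000006a"), ("vp1@example.test", "0xc000006a"),
        ("staff@example.test", "0xc0000064")]
EVENTS = [parse_event(TEMPLATE.format(acct=a, sub=s)) for a, s in ROWS]
```

A failure whose sub status says the user name does not exist is not charged to any real account, so only the wrong-password rows are candidates for what locked a given user.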
ASKER
This is happening to a number of people. All random. While I know chances are they may have changed their passwords somewhere, and that is the cause of the issue, I do need some proof. Some of the people getting locked are senior directors and VPs. I want to make sure that I can show the flow if asked.
ASKER
And of course they all swear that nothing was changed, that they changed everything, or that they didn't type anything wrong.
ASKER
I am shutting down this thread and opening a new one.
Please split the points appropriately... As the accepted solution was exactly what I had suggested as being the cause in the first place.
ok
Is this happening regularly to everyone or only some people?