Link to home
Start Free TrialLog in
Avatar of Amit Kumar
Amit KumarFlag for India

asked on

Exchange Computer account is expired

We are getting Warning Event ID 40960 on Exchange Mailbox server: Exchange 2010 SP3 CU2

The Security System detected an authentication error for the server ldap/DC002.domain.local. The failure code from authentication protocol Kerberos was "The user's account has expired.
 (0xc0000193)".

It is coming for all DCs in particular site.

Any idea?
ASKER CERTIFIED SOLUTION
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Amit Kumar
Amit Kumar
Flag of India image

ASKER

Tried to check filter security logs but did not find any login failure attempt during that time.
Avatar of Adam Brown
Adam Brown
Flag of United States of America image
Your audit policy may not be set to check for failures. The default is to only record successful logon events. Also, for domain accounts, you would check the security logs on the Domain Controllers, rather than the Exchange server.  If the audit policy settings for the domain/exchange server are set to default, you won't be able to get any info on the account that is having issues, since there is no way to record failed attempts. You can set the policy now and wait for the event to occur again and go from there, though.
Avatar of Amit Kumar
Amit Kumar
Flag of India image

ASKER

Auditing is enabled for Failure also, will check logs on DC also.
Avatar of Amit Kumar
Amit Kumar
Flag of India image

ASKER

Found one user who has left our org and account was disabled for him. But he left his RDP session on impacted server.