Amit Kumar
asked on
Exchange Computer account is expired
We are getting Warning Event ID 40960 on Exchange Mailbox server: Exchange 2010 SP3 CU2
The Security System detected an authentication error for the server ldap/DC002.domain.local. The failure code from authentication protocol Kerberos was "The user's account has expired.
(0xc0000193)".
It is coming for all DCs in particular site.
Any idea?
The Security System detected an authentication error for the server ldap/DC002.domain.local. The failure code from authentication protocol Kerberos was "The user's account has expired.
(0xc0000193)".
It is coming for all DCs in particular site.
Any idea?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your audit policy may not be set to check for failures. The default is to only record successful logon events. Also, for domain accounts, you would check the security logs on the Domain Controllers, rather than the Exchange server. If the audit policy settings for the domain/exchange server are set to default, you won't be able to get any info on the account that is having issues, since there is no way to record failed attempts. You can set the policy now and wait for the event to occur again and go from there, though.
ASKER
Auditing is enabled for Failure also, will check logs on DC also.
ASKER
Found one user who has left our org and account was disabled for him. But he left his RDP session on impacted server.
ASKER