Event 4771, Kerberos pre-authentication failed, Failure Code: 0x18
My DCs are running on Windows 2008 R2, client PCs are Windows 7. I have about 3k users in AD. From time to time I am getting a problem with computer accounts. As I guess, they are losing the connection to the DCs, and as soon as the DC changes the password for the computer account it does not synchronize to the client, and I get this kind of event on the DC:

Kerberos pre-authentication failed.

Account Information:
    Security ID: DOMAIN\Computer account$
    Account Name: Computer account$

Service Information:
    Service Name: krbtgt/Domain

Network Information:
    Client Address: ::ffff:xxx.xxx.xxx.xxx
    Client Port: 49222

Additional Information:
    Ticket Options: 0x40810010
    Failure Code: 0x18
    Pre-Authentication Type: 2

Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:

Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options and failure codes are defined in RFC 4120. If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.

Is there any way to identify why it happens? Because every time after this the computers need to rejoin AD.
June 13th, 2012 2:26am

Hello,

0x18 normally means bad password. Please also check the DNS configuration and time setup: http://chicagotech.net/netforums/viewtopic.php?t=4853

Maybe some advanced Kerberos logging can help you: http://support.microsoft.com/kb/262177

Make sure no service under services.msc is using the account with a wrong password.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
June 13th, 2012 2:58am

Hello, thanks for your reply! What do you mean by DNS configuration? Or time setup?
June 13th, 2012 3:02am

Hello,

ensure that you use ONLY domain DNS servers on the machine's NIC, and also ensure that time is configured correctly in the domain, with the PDCEmulator as time source for all other domain controllers and one DC as time source for all domain member machines, which is the default by Microsoft, so only the PDCEmulator must be configured to an external time source.

Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
June 13th, 2012 3:40am

Hello, DNS settings are correct, as well as time. Is there any other reason?
June 13th, 2012 6:19am

Hi,

How about rejoining your computer account to the domain? In addition, please also check out the below similar thread:

Account Locked - Event 4771 Failure Code 0x18
http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/6187d7e2-d38a-4ecd-bf80-12ce3589c8e1

Hope this helps.

Regards,
Yan Li
TechNet Community Support
June 17th, 2012 10:43pm

I am having the same problem. We have 70 DCs in our organisation, but in the logs I found multiple login failures for a domain user, with event ID 4771 or 4768, failure code 0x18, bad password, and source name as the name of a domain controller (dc007.in.rp.com). I don't understand how the login failures occur due to bad password when the user has not attempted to log on.
August 2nd, 2012 6:56am
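
Added example, not written by any poster in this thread: a small Python triage script that decodes the Ticket Options, Failure Code and Pre-Authentication Type fields of a 4771 message using the RFC 4120 values, and counts 0x18 failures per account and client address to show where the bad-password requests come from. It assumes the message text has one field per line, as Event Viewer renders it; the account names and addresses in SAMPLES are constructed.

```python
import re
from collections import Counter

# RFC 4120 error codes often seen as the 4771 Failure Code.
FAILURE_CODES = {0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN", 0x12: "KDC_ERR_CLIENT_REVOKED",
                 0x17: "KDC_ERR_KEY_EXPIRED", 0x18: "KDC_ERR_PREAUTH_FAILED",
                 0x25: "KRB_AP_ERR_SKEW"}
# KDCOptions bits (RFC 4120 section 5.4.1; canonicalize is from RFC 6806).
KDC_OPTIONS = {0x40000000: "forwardable", 0x20000000: "forwarded",
               0x10000000: "proxiable", 0x08000000: "proxy",
               0x00800000: "renewable", 0x00010000: "canonicalize",
               0x00000010: "renewable-ok", 0x00000002: "renew"}
PREAUTH_TYPES = {2: "PA-ENC-TIMESTAMP"}  # RFC 4120 padata type 2
FIELD = re.compile(r"^[ \t]*(Account Name|Client Address|Ticket Options|"
                   r"Failure Code|Pre-Authentication Type):[ \t]*(.+?)[ \t]*$", re.M)

def parse_4771(message):
    """Decode one rendered 4771 message (one field per line) into a dict."""
    f = dict(FIELD.findall(message))
    code, opts = int(f["Failure Code"], 16), int(f["Ticket Options"], 16)
    return {
        "account": f["Account Name"],
        "is_computer": f["Account Name"].endswith("$"),
        # IPv4 clients are logged as IPv4-mapped IPv6 (::ffff:a.b.c.d).
        "client": re.sub(r"^::ffff:", "", f["Client Address"]),
        "failure": FAILURE_CODES.get(code, hex(code)),
        "options": [name for bit, name in KDC_OPTIONS.items() if opts & bit],
        "preauth": PREAUTH_TYPES.get(int(f["Pre-Authentication Type"]), "other"),
    }

def top_sources(messages):
    """Count KDC_ERR_PREAUTH_FAILED events per (account, client address)."""
    events = [parse_4771(m) for m in messages]
    return Counter((e["account"], e["client"]) for e in events
                   if e["failure"] == "KDC_ERR_PREAUTH_FAILED").most_common()

# Constructed sample events; names and addresses are made up.
TEMPLATE = ("Account Information:\n    Account Name: {a}\n"
            "Network Information:\n    Client Address: ::ffff:{ip}\n"
            "Additional Information:\n    Ticket Options: 0x40810010\n"
            "    Failure Code: {c}\n    Pre-Authentication Type: 2\n")
SAMPLES = [TEMPLATE.format(a=a, ip=ip, c=c) for a, ip, c in [
    ("WS042$", "192.0.2.10", "0x18"), ("WS042$", "192.0.2.10", "0x18"),
    ("jdoe", "192.0.2.77", "0x18"), ("jdoe", "192.0.2.77", "0x25")]]

if __name__ == "__main__":
    for (account, client), n in top_sources(SAMPLES):
        print(f"{n:3d}  {account:10s} {client}")
```

The client address in each row is the host that sent the failing request, which is the machine to inspect for a stale password.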

This topic is archived. No further replies will be accepted.
