Greetings, On my 3 domain controller network with only 200 users, several users are getting locked out frequently, after runining the account lockout tool, i am getting Caller Computer Name: *(blank), how do i further troubleshoot this. 4740,AUDIT SUCCESS,Microsoft-Windows-Security-Auditing,Mon Sep 12 17:53:59 2011,No User,A user account was locked out. Subject: Security ID: S-1-5-18 Account Name: TRCSNA01PDC00$ Account Domain: derpherpderp Logon ID: 0x3e7 Account That Was Locked Out: Security ID: S-1-5-21-3565604916-139569381-2277910863-1198 Account Name: tjohnsen Additional Information: Caller Computer Name: < no computer name Thank You

Hi, Based on my research, the empty "Caller Computer Name" occurs because of the following: 1. There is no secure method for the KDC to get the remote machine's name at the current time. If the client provides the name (as in NTLM), then it's not trustworthy and can be spoofed. There are Unix-based hacking tools which spoof workstation name in NTLM auth requests. 2. DNS and NetBIOS reverse lookup are not secure and are not reliable- if we tried this, we'd have a high incidence of incorrect or missing information, and hurt performance. 3. Even if we chose to do add the name anyway, when we could, there's no field for us to use to carry it in Kerberos AS REQ & TGS REQ messages- we'd have to overload some other field, and run a high risk of loss of compatibility with MIT's reference implementation. This problem may not occur on all the Account lockout events. Please check if we can find any clue in other related events. For more information about Account Lockout troubleshooting, refer to: Troubleshooting Account Lockout http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx Account Lockout Tools http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx Hope this helps. Regards, Bruce

See below Technet discussion: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/735602f0-3ddc-4bb4-b6ba-dffcb7605ca1?prof=required You may get some idea from it Regards,Vicky Rajdev

See below Technet discussion: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/735602f0-3ddc-4bb4-b6ba-dffcb7605ca1?prof=required You may get some idea from it Regards,Vicky Rajdev