Hi All,Quick question which I am hoping someone can assist me furtheron...Background Info--------------------Ihave 2 Windows 2008 Domain Controllers (DNS, GC) plus 2 Windows 2008 Read Only Domain Controllers (DNS, GC) and one Windows 2003 Server which I am pending the transfer of the FSMO roles off of.All of the above Domain Controllers are on the same physical site and are patched to the latest service pack.Issue Info--------------------I have a couple of users which are experiencing issues when the screensaver lockout activates (15 mins, group policy), after it becomes active they are not able to unlock the machine, instead an administrator is required to perform a remote logoff so that they can login again.* The same user has seen the same problem on multiple machines (all Windows XP SP3, new build via SCCM OSD Task Sequence).* The issue currently appears to be user specific; in that I can login to the same machines which they have, lockand unlock successfully.* When logging in under a local user account, browsing to a domain resoource (file server), the login prompt comes up, entering the same password to that which was used to login to the Windows Gina (the same user/password which fails at theunlock computer prompt) permits them access to the file share with no issues, so the credentials are fine.Additional Troubleshooting----------------------------------------* I cannot see any time skew issues, all clients are pulling their time from the PDC Emulator on our 2003 server successfully, and it appears fine.* Replmon does not report any issues with replication between any of the servers* There are a fewevents logged in dcdiag from one of the writeable 2008 DC's, such as the below...An Error Event occurred. EventID: 0xC0002719EvtFormatMessage failed, error 15100 Win32 Error 15100.(Event String (event log = System) could not be retrieved, error 0x3afc)The above EventID appears to vary across each eventDoes anyone have any ideas on where else to look on this issue?I would have thought that if the user can login to the Windows Gina then they should be able to unlock the computer system ;-( I'm running out of ideas.RegardsAndy

Hi Andy, Thanks for your post. To better understand the issue, please help confirm: What is the exact error message when the issue occurs? When the issue occurs, can you log on other computer with the user account? Meanwhile, Please check 1. Is the user password expired or required to change?329885 Cannot unlock workstation with ForceUnlockLogon and expired passwordhttp://support.microsoft.com/default.aspx?scid=kb;EN-US;329885 2. Do you configure Logon Hours for the user accounts. In Active Directory Users and Computers, double-click the user account, select Account tab, and click Logon Hours. 3. Is VNC installed? If so, please temporarily uninstall VNC and check the result. Thanks. I look forward to your response. TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights.Joson Zhou

Hi Andy, Hows everything going? Im wondering if the suggestion has helped. If you need further assistance, please feel free to respond back. I look forward to your response. Joson Zhou TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights.

Apologies for the delay and thank you for your feedback, to answer your questions..* The error message is stating that the username or password was incorrect, I will get a screenshot but its the generic dialogue.* Yes you can, it only appears to occur when the screensaver kicks in after loginto the Windows gina(strange i know)1. There is a password policy applied but the aforementioned is not true2. No we do not have any logon hours configured.3. No, VNC is not installed.Thanks again :-)

Hi, Thanks for your information. Based on the current situation, I suggest that you install Network Monitor 3.3 and capture the network traffic for further research: 1. Download and install the Network Monitor 3.3 on a Windows XP workstation:Microsoft Network Monitor 3.3http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=983b941d-06cb-4658-b7f6-3088333d062f 2. Open Command Prompt, run the command at 4:20 /interactive cmd.exe to create a schedule task. 3. Run the task, you should see a new Command Prompt launched by SYSTEM account. 4. In the new Command Prompt, go to the folder where the Network Monitor 3.3 is store, the default location is %ProgramFiles%\Microsoft Network Monitor 3. 5. Run the command nmcap.exe /Network * /Capture /File %SystemDrive%\%ComputerName%_Repro.cap:100M /DisableConversations. 6. Lock the computer (do not close the Command Prompt), and try to unlock the computer to reproduce the issue. 7. After the issue occurs, end the users session with the administrator credential. 8. Logon back to the computer and upload the .cap file to the following space:https://sftasia.one.microsoft.com/choosetransfer.aspx?key=450942a8-b10d-473e-ba70-1e7439a8de8aPassword: BR9FsMScBw Note: Please also let me know the user account name. I look forward to your response. Joson Zhou TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights.