account lockout struggle
Hello, I'm struggling to fix a chronic account lockout issue. Something on another computer on our network is trying to login with my credentials. It tries to login as me every second or so and then takes a break for 10 minutes and starts again. I can see the computer that's locking me out. It's not running anything that should be logging in as me. I logged into it's credential manager and i'm not listed anywhere. It's a windows 7 32bit system. Any ideas? thank you! The server 2008 domain controller reports this account audit failure over and over. Event ID 4771 Kerberos pre-authentication failed. Account Information: Security ID: domain\myusername Account Name: myusername Service Information: Service Name: krbtgt/domain Network Information: Client Address: ::ffff:10.2.1.76 Client Port: 58217 Additional Information: Ticket Options: 0x40810010 Failure Code: 0x18 Pre-Authentication Type: 2 Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options and failure codes are defined in RFC 4120. If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
August 10th, 2011 3:04am

Reboot into safe mode and run antivirus/malware scans. Ports in that high of range are typically private/dynamic ports and are often used by malware.If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". Rich Prescott | MCITP, MCTS, MCP Blog | Twitter: @Arposh | Powershell Client System Administration tool
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2011 3:19am

This usually happens when your password changes and something on the locking computer is still using the old credentials. Double check that nothing is running under your account on the locking computer in the following areas: Services Scheduled tasks Network drive mappings Remote desktop sessions Startup scripts It looks like there's kerberos authentication involved there, so you might try enabling kerberos logging. This can be a bit complex, but I have found a related forum post that can help with this process: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/92369c2f-44f1-412c-9a8e-fdc1ef218cfd/
August 10th, 2011 3:23am

Yes. This happened right after a password change, but I swear I never logged in in any way to this computer or set any services to use my "user" account. I set a mapped network drive, but I used my administrative user account which is the only account that I use for admin purposes because it's the only one that actually has access to anything. The user account that's being locked doesn't have elevated credentials so really couldn't be used to run anything on a client. I'm completely baffled here.
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2011 6:20am

Hello, first of all identify the source computer. Once done, go on it and check if there is a service / application that is running under a wrong password of this user. Check also that it is not infected by viruses. Have a look to Paul's article: http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. Microsoft Student Partner 2010 / 2011 Microsoft Certified Professional Microsoft Certified Systems Administrator: Security Microsoft Certified Systems Engineer: Security Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration Microsoft Certified Technology Specialist: Windows 7, Configuring Microsoft Certified IT Professional: Enterprise Administrator Microsoft Certified IT Professional: Server Administrator
August 10th, 2011 9:17am

Hi, It seems that there are viruses in the computers which always lock your account out. Some services or applications are trying your password. Please check whether there are some services and applications under your session. I have included a link here: Virus alert about the Win32/Conficker worm http://support.microsoft.com/kb/962007 Best Regards, Yan Li
Free Windows Admin Tool Kit Click here and download it now
August 10th, 2011 11:31am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics