Windows 7 account lockouts, Event ID: 4776, Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Hello, hope someone can help. Users are getting intermittently locked out by domain controllers, which are Windows 2008 R2 hosted in VMware vSphere 5.0. They are logging on with local accounts to Windows 7 Enterprise desktops which are not part of the domain. They connect to network shares, SharePoint and Instant Messenger by providing their domain logon credentials. Intermittently a DC will log a bad password and lock them out, preventing them from accessing network resources; however, their password has not changed.

The error log on the server shows the following:

Log Name: Security
Source: MS Windows Security
Event ID: 4776
Task Category: Credential Validation
Keywords: Audit Failure
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: user's network log on account
Source Workstation: Users Windows 7 Desktop
Error Code: 0xc000006a

I have launched "control userpasswords2" from the run command and cleared any cached account passwords on the desktop machine, but this did not fix the issue.
May 15th, 2012 6:01am

Hi, this type of issue should be more related to domain controller settings. I found a similar case on a third-party website. For your reference: http://eventid.net/display-eventid-4776-source-Microsoft-Windows-Security-Auditing-eventno-10736-phase-1.htm

If the issue persists after performing the steps above, I recommend posting your problem on the Server Forum.

Kim Zhou
TechNet Community Support
May 16th, 2012 5:35am

Hi Kim, thanks for your response, it's appreciated. The "Send LM & NTLM - use NTLMv2 session security if negotiated" option was already enabled in Local Security Policy. However, I have done the following additional steps, and it seems to be working OK for now:

Typed the following from the Run box: rundll32.exe keymgr.dll KRShowKeyMgr or control userpasswords2, then go to Advanced - Manage Passwords and remove any locally cached accounts.

Open regedit and go to: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon - set CachedLogonsCount to 0

Make a note of mapped drives, then from a command prompt type: net use * /DELETE - to clear mapped drives. Some of these were set to "connect as different user", which may have had old passwords cached.

Open Local Group Policy Editor: type gpedit.msc - go to - Computer Configuration\Administrative Templates\System\User Profiles\Delete cached copies of roaming profiles - changed to "enable"

Regards
Ben
May 17th, 2012 8:05am
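
Before clearing cached credentials on a desktop, it helps to confirm which account and workstation the failed validations in the DC's Security log actually come from. The following is an added example, not part of the original thread: it groups Event ID 4776 failures by account, source workstation and error code. The function name and the sample users and hosts are constructed for illustration.

```powershell
# Added example, not from the thread. Names and sample events are constructed.
# NTSTATUS values that can appear in the 4776 "Error Code" (Status) field.
$StatusText = @{
    '0xc0000064' = 'No such user'
    '0xc000006a' = 'Wrong password'
    '0xc0000071' = 'Password expired'
    '0xc0000072' = 'Account disabled'
    '0xc0000234' = 'Account locked out'
}

function Get-NtlmFailureSummary {
    param([string[]]$EventXml)
    $rows = foreach ($x in $EventXml) {
        # Index the named <Data> fields of the event's EventData section.
        $data = @{}
        foreach ($d in ([xml]$x).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $status = "$($data['Status'])".ToLower()
        if ($status -eq '0x0') { continue }      # successful validation, not a failure
        New-Object PSObject -Property @{
            Account = $data['TargetUserName']; Workstation = $data['Workstation']; Status = $status
        }
    }
    # Count failures per account / workstation / status, most frequent first.
    $rows | Group-Object Account, Workstation, Status | Sort-Object Count -Descending |
        ForEach-Object {
            $meaning = $StatusText[$_.Group[0].Status]
            if (-not $meaning) { $meaning = 'Other (look up the NTSTATUS code)' }
            New-Object PSObject -Property @{
                Failures = $_.Count; Account = $_.Group[0].Account
                Workstation = $_.Group[0].Workstation; Status = $_.Group[0].Status; Meaning = $meaning
            }
        } | Select-Object Failures, Account, Workstation, Status, Meaning
}

# Constructed sample events (trimmed to the EventData fields the function reads).
$tmpl = "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><EventData>" +
        "<Data Name='PackageName'>MICROSOFT_AUTHENTICATION_PACKAGE_V1_0</Data>" +
        "<Data Name='TargetUserName'>{0}</Data><Data Name='Workstation'>{1}</Data>" +
        "<Data Name='Status'>{2}</Data></EventData></Event>"
$sample = @(
    ($tmpl -f 'jdoe', 'WIN7-DESK01', '0xc000006a'),
    ($tmpl -f 'jdoe', 'WIN7-DESK01', '0xc000006a'),
    ($tmpl -f 'jdoe', 'WIN7-DESK01', '0xc0000234'),
    ($tmpl -f 'asmith', 'WIN7-DESK02', '0x0')
)
Get-NtlmFailureSummary $sample | Format-Table -AutoSize

# On a domain controller, feed it the real log instead of $sample:
# Get-NtlmFailureSummary (Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4776} |
#     ForEach-Object { $_.ToXml() })
```

A workstation that keeps producing 0xc000006a for an account whose password has not changed points to a stale stored credential on that machine, which is what the cleanup steps above target.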


This topic is archived. No further replies will be accepted.
