|
 microsoft.public.windows.server.security - Supporting MS Windows network? Read here before it's too late!
|
|
If you were Registered and logged in, you could reply and use other advanced thread options
|
Posted by Brad on January 25, 2010, 10:23 am
We're running a W2K3 Active Directory environment. We have a problem with
user's AD accounts getting locked out unexpectedly. An examination of the
domain controller security event logs shows nothing like any bad password
attempts leading up to the lockout. We did find a series of LSASRV events in
the local PC System log, Event IDs 40961, and 40961, and in the Application
log there were two USERENV events, IDs 1006 and 1030, coinciding exactly with
the time the accounts get locked out. Google and Bing searches were not
fruitful. I would appreciate any suggestions on where to look for
information that would shed light on what relation, if any, these events have
on the account getting locked out.
|
|
Posted by Meinolf Weber [MVP-DS] on January 25, 2010, 4:22 pm
Hello Brad,
Start with account lockout tools and also check for conficker, see the following
articles:
http://technet.microsoft.com/en-us/library/cc738772" target="_blank">http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx
http://www.microsoft.com/downloads/details.aspx?familyidzF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en" target="_blank">http://www.microsoft.com/downloads/details.aspx?familyidzF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
http://support.microsoft.com/kb/109626" target="_blank">http://support.microsoft.com/kb/109626
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html
http://support.microsoft.com/kb/962007" target="_blank">http://support.microsoft.com/kb/962007
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
> We're running a W2K3 Active Directory environment. We have a problem
> with user's AD accounts getting locked out unexpectedly. An
> examination of the domain controller security event logs shows nothing
> like any bad password attempts leading up to the lockout. We did find
> a series of LSASRV events in the local PC System log, Event IDs 40961,
> and 40961, and in the Application log there were two USERENV events,
> IDs 1006 and 1030, coinciding exactly with the time the accounts get
> locked out. Google and Bing searches were not fruitful. I would
> appreciate any suggestions on where to look for information that would
> shed light on what relation, if any, these events have on the account
> getting locked out.
>
|
|
Posted by shanmugam on June 27, 2010, 1:43 pm
Brad wrote on 01/25/2010 10:23 ET :
> We're running a W2K3 Active Directory environment. We have a problem with
> user's AD accounts getting locked out unexpectedly. An examination of the
> domain controller security event logs shows nothing like any bad password
> attempts leading up to the lockout. We did find a series of LSASRV events in
> the local PC System log, Event IDs 40961, and 40961, and in the Application
> log there were two USERENV events, IDs 1006 and 1030, coinciding exactly with
> the time the accounts get locked out. Google and Bing searches were not
> fruitful. I would appreciate any suggestions on where to look for
> information that would shed light on what relation, if any, these events have
> on the account getting locked out.
>
This topic is too old, but I just wanted to share a helpful tool if any one
has
the same problem reads this thread in future..
Lockout fixer is a free tool which lets you to quickly determine from where
the
invalid credentials are coming.. You can download lockout fixer here:
http://lockoutfixer.cz.cc/
|
This Thread
If you were Registered and logged in, you could reply and use other advanced thread options
Related Posts
Latest Posts
|
|
XML Sitemap
Yahoo! 
Google 
Windows Live 
del.icio.us 
digg 
Netscape 
> with user's AD accounts getting locked out unexpectedly. An
> examination of the domain controller security event logs shows nothing
> like any bad password attempts leading up to the lockout. We did find
> a series of LSASRV events in the local PC System log, Event IDs 40961,
> and 40961, and in the Application log there were two USERENV events,
> IDs 1006 and 1030, coinciding exactly with the time the accounts get
> locked out. Google and Bing searches were not fruitful. I would
> appreciate any suggestions on where to look for information that would
> shed light on what relation, if any, these events have on the account
> getting locked out.
>