Account lockout after changing password.

From: Scott Matthews (scott.matthews@parliament.qld.gov.au)
Date: 01/22/03


From: "Scott Matthews" <scott.matthews@parliament.qld.gov.au>
Date: Tue, 21 Jan 2003 19:00:52 -0800


Hi

We have an issue that is affecting approximately 5% of
our users though this is slowly increasing.

Every 6 weeks our users are prompted to change their
passwords. This is always successful but after the user
logs on and accesses a resource the account locks out.
The resource the person uses varies from time to time.
Sometimes accessing the web, sometimes accessing a shared
drive, etc. Eventually the problem goes away after we
have unlocked the account 5 or 6 times. We tried
synchronising the domain after a password reset but that
didn't make any difference. I didn't expect that it
would; from my understanding password changes are made
immediately to the PDC emulator.

I can't find a reference in event viewer related to the
account being locked out on any of our DCs or member
servers. The only lockout message I can find is on the
local PC that the user is logged on to, see below...
***************
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 22/01/2003
Time: 11:36:40 AM
User: N/A
Computer: 03HRM13020
Description:
The Security System detected an attempted downgrade
attack for server cifs/eliott.internal.parliament. The
failure code from authentication protocol Kerberos
was "The user account has been automatically locked
because too many invalid logon attempts or password
change attempts have been requested.
 (0xc0000234)".
*************

We are running a Windows 2000 network in mixed mode though
we have no NT4 BDCs. Our clients are all running
Windows XP (SP1). All Windows 2000 servers are running
SP3.

Has anyone got any ideas on this?

Thanks in advance
Scott Matthews
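
Added example, not part of the original post: a small Python triage script that reads LSASRV 40960 records exported as text in the layout quoted above and tallies which workstation and target SPN reported the lockout code. The function names, the abridged record header and the second sample record are assumptions made for illustration.

```python
import re
from collections import Counter

# NTSTATUS values (ntstatus.h) that commonly appear in logon failures.
NTSTATUS = {
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE",
}
FIELD = re.compile(r"^(Event ID|Computer):[ \t]*(.+?)[ \t]*$", re.M)
TARGET = re.compile(r"for server (\S+?)\.? The failure code")
STATUS = re.compile(r"\(0x([0-9a-fA-F]{8})\)")

def parse_events(log):
    """Yield one dict per LSASRV 40960 record in a text export."""
    for chunk in re.split(r"^\*{5,}[ \t]*$", log, flags=re.M):
        fields = dict(FIELD.findall(chunk))
        if fields.get("Event ID") != "40960":
            continue
        flat = " ".join(chunk.split())  # the description is hard-wrapped
        target, status = TARGET.search(flat), STATUS.search(flat)
        code = int(status.group(1), 16) if status else None
        yield {"computer": fields.get("Computer"),
               "target": target.group(1) if target else None,
               "status": NTSTATUS.get(code, hex(code)) if status else None}

def lockout_targets(log):
    """Count (workstation, SPN) pairs whose failure code was a lockout."""
    return Counter((e["computer"], e["target"]) for e in parse_events(log)
                   if e["status"] == "STATUS_ACCOUNT_LOCKED_OUT")

# First record: the event quoted in the post (header abridged).
# Second record: constructed for this example.
SAMPLE = """\
***************
Event ID: 40960
Computer: 03HRM13020
Description:
The Security System detected an attempted downgrade
attack for server cifs/eliott.internal.parliament. The
failure code from authentication protocol Kerberos
was "The user account has been automatically locked
because too many invalid logon attempts or password
change attempts have been requested.
 (0xc0000234)".
*************
Event ID: 40960
Computer: PC-CONSTRUCTED
Description:
The Security System detected an attempted downgrade attack for server
HTTP/proxy.example.internal. The failure code from authentication
protocol Kerberos was "Logon failure (constructed)" (0xc000006d).
"""
```

Run over exports collected from several affected PCs, the tally shows whether the lockout code is reported against the same few services each time.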


