Re: Finding Account Lockout Source

From: Steve Pope (spope_at_hbk.com)
Date: 07/30/03


Date: Wed, 30 Jul 2003 14:39:40 -0500


I would check the scheduled tasks and services on Workstation ABC.

"Erik Presnell" <presnell@milltec.com> wrote in message
news:OFemqEtVDHA.1896@TK2MSFTNGP12.phx.gbl...
> I have read several of these similar posts and I'm experiencing the same
> problem. I have been able to use the event viewer tool that is in the
> altools.exe to trace to what servers people are trying to authenticate from,
> but my next question is what to do with that information. I'm the domain admin
> here and on "server 123" in the event viewer it will have something like:
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 7/30/2003
> Time: 1:58:34 PM
> User: NT AUTHORITY\SYSTEM
> Computer: "Server 123"
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: "my initials"
> Domain: concord
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: "ABC"
>
> Now this is what I don't understand; my workstation is "XYZ"; so I go to
> "ABC" to see if there was anything going on at 1:58:34. There is nothing
> there, there are also no unusual programs. Please help me, I'm just not
> seeing the next logical step. Thank you for any help.
>
> Erik
>
>
> "Miha Pihler" <miha.pihler@Atlantis-N0Spam.si> wrote in message
> news:OaJLc7sVDHA.484@TK2MSFTNGP09.phx.gbl...
> > Hi,
> >
> > You can use these tools:
> >
> > http://microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
> >
> > --
> > Mike
> > MCSA 2K, MCSE 2K, MCT, ...
> >
> > "PattyMac" <pmacarthur@jenner.com> wrote in message
> > news:052901c356cc$14f20bb0$a101280a@phx.gbl...
> > > Recently changed a password on an account. Now that
> > > account keeps locking out every 10 minutes or so. How can
> > > I find out the source of the problem? My guess is there's
> > > a machine or service somewhere using that ID, but I don't
> > > know where. Can I find the IP or Machine name that's
> > > using that ID?
> > >
> > > Thanks for any feedback.
> >
> >
>
>
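
An added example, not code from any poster in this thread: it parses Event ID 529 text in the field layout quoted above, groups failures by user, workstation name and logon type, and flags sources whose failures arrive at a near-constant interval, the pattern a service or scheduled task with a stale password tends to produce. The function names, the sample records and the 60-second tolerance are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the field layout quoted in the thread; names and times are made up.
_EVENT = ("Event Type: {etype} Audit\nEvent ID: {eid}\nDate: 7/30/2003\nTime: {time}\n"
          "Description:\n  User Name: jdoe\n  Logon Type: {ltype}\n"
          '  Workstation Name: "{ws}"\n\n')
SAMPLE = "".join(
    _EVENT.format(etype=a, eid=e, time=t, ltype=l, ws=w) for a, e, t, l, w in [
        ("Failure", "529", "1:38:34 PM", "3", "ABC"),
        ("Failure", "529", "1:40:02 PM", "2", "XYZ"),
        ("Failure", "529", "1:48:34 PM", "3", "ABC"),
        ("Success", "528", "1:50:00 PM", "2", "XYZ"),
        ("Failure", "529", "1:41:15 PM", "2", "XYZ"),
        ("Failure", "529", "1:58:34 PM", "3", "ABC")])

def parse_events(text):
    """Split an Event Viewer text dump into one dict of fields per event."""
    events, cur = [], None
    for line in text.splitlines():
        line = line.lstrip("> \t")               # tolerate quoted or indented dumps
        key, sep, value = line.partition(":")    # first colon only, so times survive
        if not sep:
            continue
        key, value = key.strip(), value.strip().strip('"')
        if key == "Event Type":                  # this field opens a new record
            cur = {}
            events.append(cur)
        if cur is not None:
            cur[key] = value
    return events

def failure_sources(events, event_id="529", tolerance_s=60):
    """Group failed logons by (user, workstation, logon type) and test for periodicity."""
    by_src = defaultdict(list)
    for e in events:
        if e.get("Event ID") != event_id:
            continue
        when = datetime.strptime(f'{e["Date"]} {e["Time"]}', "%m/%d/%Y %I:%M:%S %p")
        src = (e.get("User Name"), e.get("Workstation Name"), e.get("Logon Type"))
        by_src[src].append(when)
    report = {}
    for src, times in by_src.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Heuristic (assumption): evenly spaced failures point to an unattended job.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance_s
        report[src] = {"count": len(times), "gaps_s": gaps, "periodic": periodic}
    return report

if __name__ == "__main__":
    for src, info in failure_sources(parse_events(SAMPLE)).items():
        print(src, info)
```

A source flagged as periodic is the one whose services and scheduled tasks are worth checking first.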


