Oodles of 529 Logon Failures every 2:00 AM
From: - (-_at_-.com)
Date: 08/28/04
- Previous message: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
- Next in thread: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Steven L Umbach: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Lisa_at_work: "Oodles of 529 Logon Failures every 2:00 AM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 27 Aug 2004 18:24:24 -0400
Hello,
My Windows 2000 domain is getting an error every night at 2AM because it
can't lock out the Administrator account. Yes, exactly; "why is it being
told to lock out in the first place?" I don't think we're under attack
because it is every night at the same time and because I have found some
information which may shed some light on it.
It seems that at 2:00 AM some process happens that all of the local
administrator accounts on the servers get a failed login to their local
machine. The domain registers these logon failures I suppose because the
machine itself is a member of the domain. The really weird thing is that
the "logon type" shows as type 3, network. How can a local account have a
network logon to its own machine?
More wierdness, wherever the local admin account of the server has been
changed, _that_ name shows up with the failed 529. The domain name is
_always_ the name of the local server, the AD domain is not referenced even
once in all 200 of the 529's.
Something... is causing these failed local admin logins to happen every
night at 2AM on servers. I think that's why the domain admin account is
receiving a call to get locked out is; because the domain is confusing the
local admin accounts with the domain admin account, and thinking that _it_
is the culprit.
The first thing we're going to do is rename the domain admin account (yes I
know I should have done this a long time ago, but there are services,
scheduled tasks, etc. running under that name that I have to track down and
remediate before I change it).
The next thing I will do is I will check with our server team about nightly
processes/tasks that may be occurring at 2AM, but I wonder if there is
something in the undulations of AD itself that is triggering this, such as a
master browser election.
If anyone can shed any light or has experienced something similar, I am open
to any advice you could give.
Thanks a bunch!!
- Previous message: Curtis Koenig [MSFT]: "RE: Microsoft Fax Service"
- Next in thread: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Roger Abell: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Steven L Umbach: "Re: Oodles of 529 Logon Failures every 2:00 AM"
- Reply: Lisa_at_work: "Oodles of 529 Logon Failures every 2:00 AM"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
