Re: Event ID: 538 Seems to lock out users
- From: "Ondrej Sevecek" <ondra at my_surname dot com>
- Date: Thu, 19 Jan 2006 10:15:05 +0100
Enable auditing of "account logon events" on domain controllers - this will
bring information on the clients IP/name that the unsuccessfull
authentication come from. Then you will know the source where the wrong
attempts are done.
Then, on the client side, enable auditing of "logon events" and you will get
the process ID that tries to log on/impersonate the user.
O.
"Mick" <MickBurkellc@xxxxxxxxx> wrote in message
news:1137637553.551353.300280@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> I've been trying to fugue out a problem where users get locked out of
> the system and we have to reboot the system to get back in. Today it
> happened twice in about a 45 minute period, and i noticed Event ID: 538
> at each point of lock. It reported that there was an error with the
> administrators log-on and that it was a bad password. No one was
> logging on to the server at that point, so I'm wondering what else
> might be trying to access the system as administrator. I checked
> services and scheduled jobs, but didn't find anything.
>
> Can anyone suggest what else to check for the solution? Thanks!
>
> Mick
>
.
- References:
- Event ID: 538 Seems to lock out users
- From: Mick
- Event ID: 538 Seems to lock out users
- Prev by Date: Re: server 2000 Group policy for windows xp clients
- Next by Date: .NET Identity question
- Previous by thread: Re: Event ID: 538 Seems to lock out users
- Next by thread: Re: server 2000 Group policy for windows xp clients
- Index(es):
Relevant Pages
|
Loading
