Re: Security log chaos -

From: Travis Kwekkeboom (totoro_orotot_at_hotmail.com)
Date: 07/26/04 

Date: Mon, 26 Jul 2004 16:42:10 -0400

Thank you for the information Eric,

Lockout is set for 5 attempts right now, it was 3 attempts.

I did not know about the AD client for the 9x boxes. As for WINS, I
do not have it setup on the server at all. DNS only. I ALSO did not
know that DNS did not work properly for 9x boxes. MAn o MAn.

Anyways, I will try installing the AD client for the boxes and see
what happens.

On Mon, 26 Jul 2004 19:01:57 +0200, "Erik Veenhuijsen"
<erikv70@hotmail.com> wrote:

>Travis,
>
>After how many attempts does your domain is set to lockout an user account?
>The error code displays that: User logon with misspelled or bad password
>
>On win9x boxes i have seen, that the first logon attempt is not accept and a
>domain logon error is displayed at the client, after which they try a second
>time and then logon does occur. I found that the problem was related to
>win9x machines not getting the correct wins server addresses from the dhcp
>scope options.
>Can you check that wins is installed correctly on your server and name
>resolution does occur correctly at the workstation (win9x does not work with
>dns name resolution).
>
>Also this problem can occur with the server trying to connect to the client
>with Kerberos authentication, which is something that a standard win9x can
>not deal with. You should install the Active Directory client for win9x
>pc's. This client you can find on one of the server installation cd's or on
>the microsoft support website.
>
>Greets,
>Erik.
>
>
>
>"Travis Kwekkeboom" <totoro_orotot@hotmail.com> wrote in message
>news:ka8ag01p4c6ou4m9vcoqt42q76ghg2foaf@4ax.com...
>> This one has been bugging me for quite some time. I have people on
>> Win9x boxes who keep getting their accounts locked out for reasons
>> beyond me. 1st I thought it might be a timing server issue (which it
>> might still be)
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Account Logon
>> Event ID: 681
>> Date: 7/20/2004
>> Time: 1:09:28 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: SLS-SERVER
>> Description:
>> The logon to account: XXXX XXXXXXXXX
>> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>> from workstation: \\XXXXXXXXXXXXXXX
>> failed. The error code was: 3221225578
>>
>> and then
>>
>> Event Type: Failure Audit
>> Event Source: Security
>> Event Category: Logon/Logoff
>> Event ID: 529
>> Date: 7/20/2004
>> Time: 1:09:28 PM
>> User: NT AUTHORITY\SYSTEM
>> Computer: XXXXX-SERVER
>> Description:
>> Logon Failure:
>> Reason: Unknown user name or bad password
>> User Name: SSSSSSSSSSSSSSSSSS
>> Domain: DomainName
>> Logon Type: 3
>> Logon Process: NtLmSsp
>> Authentication Package: NTLM
>> Workstation Name: \\XXXXXXXXXXXX
>>
>> and then
>>
>> Event Type: Success Audit
>> Event Source: Security
>> Event Category: Account Management
>> Event ID: 644
>> Date: 7/20/2004
>> Time: 1:14:53 PM
>> User: Everyone
>> Computer: XXXXX-SERVER
>> Description:
>> User Account Locked Out:
>> Target Account Name: XXXXXXXXXXXXXX
>> Target Account ID: XXXXXXXXXXXX\XXXXX
>> Caller Machine Name: \\XXXXXXXXXXXXXXXX
>> Caller User Name: XXXXXX-SERVER$
>> Caller Domain: DomainName
>> Caller Logon ID: (0x0,0x3E7)
>>
>>
>> and then
>>
>> Event Type: Success Audit
>> Event Source: Security
>> Event Category: Account Management
>> Event ID: 642
>> Date: 7/20/2004
>> Time: 1:14:53 PM
>> User: Everyone
>> Computer: XXXX-SERVER
>> Description:
>> User Account Changed:
>> Account Locked.
>> Target Account Name: XXXXXXXXXXXXXXXX
>> Target Domain: Domain Name
>> Target Account ID: XXXXXXXX\XXXXXXXX
>> Caller User Name: XXXXXXX-SERVER$
>> Caller Domain: Domain Name
>> Caller Logon ID: (0x0,0x3E7)
>> Privileges: -
>>
>> then the account has to be unlocked.
>>
>> Anyone have any ideas?
>> It is a bothersome event.
>>
>> TK
>>
>> Follow-up: ******************
>>
>> I have scanned the server for viruses from MANY sources and have come
>> up with negatives everywhere. This only happens to 9x series
>> machines. I have a time script running on startup to synch the time
>> to the server, that is about all I have done to these things besides
>> stock and SP's.
>>
>> Help.
>>
>> TK
>

Relevant Pages

  • Client cant log on to server after password change
    ... server but one of the boxes in the office cannot logon with the new ... I tried a vpn connection into the server with the new user ... believe that the problem is on the client machine. ... I assume the passwords are cached on the client boxes - is ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem with TCP connection not opening properly
    ... The server has no iptables rules set up. ... Well these are the only two boxes I can log both ends of. ... from a Windows client via a Linux NAT router/firewall. ... > What kernel patches do you have on the boxes, ...
    (comp.os.linux.networking)
  • [HPADM] Nkthreads questions
    ... We did some changes to our physical network over the holidays, and also corrected some nfs mount options for our linux workstations and compute boxes. ... Here are some kernel parameters on that given server that will probably be of interest: ... Should I just figure the 10 threads per client * number of clients and make nkthreads bigger than that? ...
    (HP-UX-Admin)
  • Re: DSCLIENT 2003 NTLM 2 Authentication
    ... Phillip Windell [MCP, MVP, CCNA] www.wandtv.com ... It's vintage December 2001 so it's not a Server 2003 version, but> at least you can get the dsclient for Win98 without having to 'borrow' a> Win2k Server CD: ... >> version of the client for Win9x. ... As far as I can tell, the dsclient for Win9x is only available> on ...
    (microsoft.public.windows.server.networking)
  • Re: tapi client win98
    ... > that TAPISRV runs under on the server has "Access this computer ... You can check this on a NT client, ... My experience with TAPI client / server regarding Win9x is several years old. ... Andreas Marschall ...
    (microsoft.public.win32.programmer.tapi)
Quantcast