Users in Win98 workstations having account locked in Active Direct
From: marciotf (marciotf_at_discussions.microsoft.com)
Date: 12/30/04
- Next message: Ryan Hanisco: "Re: Same Internet Domain and AD Domain Name"
- Previous message: Ryan Hanisco: "Re: Questions about Trusts"
- Next in thread: Ryan Hanisco: "Re: Users in Win98 workstations having account locked in Active Direct"
- Reply: Ryan Hanisco: "Re: Users in Win98 workstations having account locked in Active Direct"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 30 Dec 2004 08:01:03 -0800
Hi,
We just upgraded a Windows NT 4 domain to Active Directory. The client
computers are comprised of Windows 98, Windows 98 SE and Windows 2000 Pro
machines.
Exchnage 5.5 is installed in a Windows 2000 DC.
We are having the following problem, with the Windows 98 machines:
A lot of the users in the 98 workstations are getting their accounts locked
out (the account lockout police locks an account after 3 failed tries, cant
change this) randomly.
In the DC security logs, I get a lot of errors:
Source: Security
Category: Account Logon
Type: Failure
Event ID: 681
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
The logon to account: xxxxxxx
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: \\xxxxxxx
failed. The error code was: 3221226036
Source: Security
Category: Logon\Logoff
Type: Failure
Event ID: 529
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: xxxxxxxx
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\xxxxxx
Source: Security
Category: Logon\Logoff
Type: Failure
Event ID: 539
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Logon Failure:
Reason: Account locked out
User Name: xxxxxx
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\xxxxxx
Source: Security
Category: Account Management
Type: Success
Event ID: 642
User: Everyone
Computer: DC
Description:
User Account Changed:
Account Locked.
Target Account Name: vnd_bruno
Target Domain: BRAZIL
Target Account ID: BRAZIL\vnd_bruno
Caller User Name: DC02SRV$
Caller Domain: BRAZIL
Caller Logon ID: (0x0,0x3E7)
Privileges: -
Source: Security
Category: Account Management
Type: Success
Event ID: 644
User: Everyone
Computer: DC
Description:
User Account Locked Out:
Target Account Name: XXXXXX
Target Account ID: DOMAIN\XXXXXX
Caller Machine Name: \\XXXXXXX
Caller User Name: DC$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)
It appears as although the users use its right credentials, the accounts are
being locked by the system.
I have checked lots of things and already tried: installing and uninstalling
DSClient on the 98 workstations; allowed anything on the LAN Manager
Authentication Level in Security Options in the Domain Security Police;
edited the users account properties in Active Directory to check "Do not
require Kerberos preauthentication"; checked to make sure users were logging
in the domain and not in the Windows 98 workstation; but nothing worked so
far, accounts are still being locked out randomly.
Can anyone help me?
Thanks in advance.
- Next message: Ryan Hanisco: "Re: Same Internet Domain and AD Domain Name"
- Previous message: Ryan Hanisco: "Re: Questions about Trusts"
- Next in thread: Ryan Hanisco: "Re: Users in Win98 workstations having account locked in Active Direct"
- Reply: Ryan Hanisco: "Re: Users in Win98 workstations having account locked in Active Direct"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
