Account Lockouts and no GPOs being applied- HELP required!
From: Dave Harris (ddh76_at_hotmail.com)
Date: 03/03/05
- Next message: Dmitri Gavrilov [MSFT]: "Re: defragmentation status"
- Previous message: io.com: "Re: defragmentation status"
- Next in thread: Bill Nitz: "Re: Account Lockouts and no GPOs being applied- HELP required!"
- Reply: Bill Nitz: "Re: Account Lockouts and no GPOs being applied- HELP required!"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 3 Mar 2005 11:42:43 -0000
Environment : Windows 2000 Domain Controller, Exchange 2000 and Windows XP
Pro Clients
Problem : Accounts get locked out after changing password when launching
Outlook 2003 OR when clicking on a Mapped Drive.
BACKGROUND:
We initially had problems with Group Policies not being applied although
this doesn't happen anymore - I think I fixed that issue!
We now occasionally get this error in the DC logs.....
MrxSMB
The master browser has received a server announcement from the computer
xxxxxx that believes that it is the master browser for the domain on
transport NetBT_Tcpip_{8038EBC3-BB86-4730-B7A. The master browser is
stopping or an election is being forced.
I am not sure if the above is related to the issue.....
I also get this error message on occasion...
"The computer xxxxxx tried to connect to the server <Domain Controller>
using the trust relationship established by the xxxxxx domain. However, the
computer lost the correct security identifier (SID) when the domain was
reconfigured. Reestablish the trust relationship" - The computer to which
this error refers is always an imaged machine (NOT SYSPREPPED) and I can
understand why this error occurs. I am just trying to give all available
evidence.
My mapped drives do not have the /d parameter on them and there is nothing
clever going on with my login scripts. Very straightforward drive mappings.
So, when my users launch Outlook 2003, they get a dialogue box to put in
their credentials for the Exchange Server. (Using OWA doesn't produce this
problem)Sometimes it has "DomainName\UserName" already populated in the user
field but then sometimes, it has "ExchangeServer\Username". Not really sure
why it asks for both. When you enter the correct usernname and password, it
simply repeats the dialog box. I have used AccountLockoutstatus.exe and
checked when the last Bad password that is set and it is always when I
launch Outlook BUT THIS ONLY HAPPENS AFTER USER HAS CHANGED PASSWORD. It is
almost as if the password change has not really changed everywhere and
hasn't properly been commited to the machine/user account/memory.
Here is an extract from the netlogon.log :
03/03 10:31:26 [MISC] DsGetDcName function called: Dom:BHDC Acct:(null)
Flags: DS WRITABLE DNS RET_DNS
03/03 10:31:26 [MAILSLOT] Received ping from BHDC BHDC (null) on <Local>
03/03 10:31:26 [MISC] NetpDcGetName: BHDC similar query failed recently
6016 - <THIS WORRIES ME SLIGHTLY!>
I also get a whole load of this error too :
[MISC] DsGetDcName function called: Dom:(null) Acct:(null) Flags: DS
Again, I am a little bit worried that the DSGetDCName function seems to not
recognise the Domain Name!
ANY IDEAS ANYBODY??
Dave
- Next message: Dmitri Gavrilov [MSFT]: "Re: defragmentation status"
- Previous message: io.com: "Re: defragmentation status"
- Next in thread: Bill Nitz: "Re: Account Lockouts and no GPOs being applied- HELP required!"
- Reply: Bill Nitz: "Re: Account Lockouts and no GPOs being applied- HELP required!"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
