Re: Domain Admins Account.... Locked Out every 15 minutes

From: Paul Bergson (pbergson_nospam_at_allete.com)
Date: 03/21/05


Date: Mon, 21 Mar 2005 16:34:55 -0600

You probably have an account on a machine that has an old password in it.
Run LockoutStatus.exe from the link below and select the security template.
This will generate logs. Examine the logs and look for your id and it
should provide an IP address that is failing authentication. Go to that
machine and reset the password.

ALoInfo will provide where DCs are starting lockout as well so you can see
which site this is starting in.

http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e

You may want to consider using a service type account in the future, so that
it doesn't impact you logging on.

-- 
Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA
This posting is provided "AS IS" with no warranties, and confers no rights.
"Johnny Azuaje" <JohnnyAzuaje@discussions.microsoft.com> wrote in message
news:4F001330-7BC8-4732-9701-AD681087BCF5@microsoft.com...
> Hello everybody. I have a problem. Please, let me show you my IT
> infrastructure.
>
> We have two Domain Controllers at headquarters, and two Domain Controllers,
> (for the same domain), at every branch office.
>
> I have an account that belongs to the Domain Admins group, which I use to
> start some services in my network.
>
> Every 15 minutes (approx.) this account has been locked out.... once and
> once again.
>
> In the security log for a Domain Controller in a branch office, I've
> encountered the following record:
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 3/21/2005
> Time: 4:44:18 PM
> User: NT AUTHORITY\SYSTEM
> Computer: CETI
> Description:
> Logon Failure:
>   Reason: Unknown user name or bad password
>   User Name: myaccount
>   Domain: MYDOMAIN
>   Logon Type: 7
>   Logon Process: Advapi
>   Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
>   Workstation Name: MYBRANCH_DC
>
>
> 1.- Do you know exactly what this message means?
> 2.- How can I solve this problem, definitively?
>
> Thanks a lot...!!!!
>
>
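
The log review suggested in the reply, as an added example that is not part of the original post or of the Microsoft lockout tools: it groups Event ID 529 records by account, source workstation and logon type and reports the median gap between failures, since a steady gap is consistent with a stored old password being retried. It assumes the security log was exported as text in the layout quoted above; the sample records, `jdoe` and `WKS01` are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Windows logon type codes that appear in logon/logoff audit events.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive"}

# Constructed sample records, in the field layout of the event quoted in the post.
_REC = ("Event Type: Failure Audit\nEvent ID: {0}\nDate: 3/21/2005\nTime: {1}\n"
        "  User Name: {2}\n  Logon Type: {3}\n  Workstation Name: {4}\n\n")
SAMPLE = "".join(_REC.format(*r) for r in [
    (529, "4:14:18 PM", "myaccount", 7, "MYBRANCH_DC"),
    (529, "4:20:00 PM", "jdoe", 2, "WKS01"),
    (529, "4:29:20 PM", "myaccount", 7, "MYBRANCH_DC"),
    (539, "4:30:00 PM", "myaccount", 7, "MYBRANCH_DC"),  # other event ID, skipped
    (529, "4:44:18 PM", "myaccount", 7, "MYBRANCH_DC"),
    (529, "4:59:17 PM", "myaccount", 7, "MYBRANCH_DC"),
])

def parse_529(text):
    """Yield (timestamp, user, workstation, logon_type) for each Event ID 529 record."""
    # Records start at "Event Type:"; a leading "> " (quoted mail) is tolerated.
    for rec in re.split(r"(?m)^(?=[> \t]*Event Type:)", text):
        f = dict(re.findall(r"(?m)^[> \t]*([A-Za-z /]+?):[ \t]*(.*?)[ \t]*$", rec))
        if f.get("Event ID") != "529":
            continue
        ts = datetime.strptime(f"{f['Date']} {f['Time']}", "%m/%d/%Y %I:%M:%S %p")
        yield ts, f["User Name"], f["Workstation Name"], int(f["Logon Type"])

def summarize(text):
    """Map (user, workstation, logon_type) -> (failure count, median gap in minutes)."""
    groups = defaultdict(list)
    for ts, user, wks, lt in parse_529(text):
        groups[(user, wks, lt)].append(ts)
    out = {}
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        out[key] = (len(times), round(median(gaps), 1) if gaps else None)
    return out

if __name__ == "__main__":
    for (user, wks, lt), (n, gap) in summarize(SAMPLE).items():
        print(f"{user} from {wks}: {n} failures, logon type {lt} "
              f"({LOGON_TYPES.get(lt, 'other')}), median gap {gap} min")
```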

