Single user issue; best troubleshooting



Can anyone recommend the best steps for isolating the trouble when a
single user account repeatedly prompts for authentication?

I have devoted considerable time and effort to isolating the cause of a
case like this, but have not YET removed the user from Active Directory
and recreated her account. That's not especially my job, since the
user "should not" be having a problem to begin with. However, I have
backed up her account (Outlook 2003 .pst files, Favorites and "My
Documents") and restored same to a completely re-imaged (Ghost) Windows
XP workstation, and yet the problem continues.

We have seen 40690, 40691, 1030 and other events captured in Event
Viewer, but as helpdesk technicians we are not familiar with "behind the
scenes" workings of Active Directory (e.g. we have not been as fully
trained as the Admins, etc.).

Furthermore I have been casually (not officially) told the user's
account must be removed from Active Directory for 24 hours and then
restored (or re-created), and this seems a lengthy investment in time
and patience for an uncertain outcome. In other words, I would hate to
do it and NOT have the problem resolved.

So if there exists a checklist of things to examine or a "best
practices" page related to things that go wrong with user accounts, I
would very much like to know about it.

User platform: Windows XP
Service Pack level: 2
Office 2003 level: 2
Outlook 2003 level: 2
Environment: Windows Server 2003
Env. size: 4,000 - 5,000 (users total)
(with a couple of hundred at the user's building/site)

Kerberos/NTLM authentication seemed to be failing 50% of the time on
"Directory" as shown in Outlook 2003's "Connection Status" window, so
we switched to "NTLM" alone and the failed attempts dropped to 2 in a
1,000 (also switching to "Mail" from "Directory"). Does this mean
something significant?

Any direction on this is very much appreciated. I'm not placing blame
or pointing fingers towards any administrator, specific feature of, or
inherent quality of Active Directory. I just want to FIX the user and
KNOW (or learn) what went wrong.

Is this possible? It must be.
