Re: NTLM Proxy locking user account
- From: "Al Mulnick" <amulnick_No_SPAM@xxxxxxxxxxx>
- Date: Thu, 15 Feb 2007 17:36:17 -0500
I don't have one of those type of networks, but it *sounds* like the
following may be occurring:
You may not have failure auditing turned on for the domain controllers.
You may have a problem with the agent where it causes the failures and you
may just be missing them in the dc logs (see above).
You might want to check with Bluecoat and see if they have any updates and
you may want to verify that you're getting failure audit logs for various
types of audit events and verify that they are working (try logging in
incorrectly to the domain once and see it in the logs.)
Check the server with the agent and verify there are not secondary issues
with that machine.
Al
"Pete" <Pete@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C5EC55E2-D53C-43A2-BF0C-44110278AC91@xxxxxxxxxxxxxxxx
Proxy is made by Bluecoat, & you load proxy agent on the server that will
autenticate user via ntlm against the AD domain when they try to access
web.
Thanks again
"Al Mulnick" wrote:
Just to be sure we're talking the same language, your NTLM proxy - what
is
the exact name of it and version?
Al
"Pete" <Pete@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:42FC4E2E-420D-4EAC-B2A5-3CA36AB57C3A@xxxxxxxxxxxxxxxx
AL,
Thanks for your response....
Sorry just found the logs on server that is running the agent for NTLM
proxy. I was getting successful autentication event id: 680 on the DC &
failure were not showing up there. My question would why the failures
are
only showing up on the Server that is running the agent & not on DC.
Have both Default Domain & Default Domain controller policy turned on
for
audit logs.
Thank You,
"Al Mulnick" wrote:
You turned on the auditing where? On the domain controllers?
"Pete" <Pete@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:4AF9B05A-E2C9-4C62-AD0D-A4DC71C74A05@xxxxxxxxxxxxxxxx
Hello All,
Hoping to find some answers to this problem. We have NTLM proxy in
our
network, every so often users get prompted to login into NTLM proxy
in
order
for them to access particular site (ex: windows update). If a user
happens
to
just put their userid without domain & pwd, their account gets
locked.
We
are
not seeing any logs under security event viewer on the domain.
We have turned on success, failure policy settings for all audit
item
except audit directory service access-- which is set to no auditing.
How is it possible that this ntlm proxy is able to lock out user
account
without generating a log?
Thanks in advance for your insight & help.....
Pete
.
- References:
- Re: NTLM Proxy locking user account
- From: Al Mulnick
- Re: NTLM Proxy locking user account
- From: Al Mulnick
- Re: NTLM Proxy locking user account
- From: Pete
- Re: NTLM Proxy locking user account
- Prev by Date: Re: Unauthorize DHCP server from Authorized list
- Next by Date: Re: Trust between two Forests Fail
- Previous by thread: Re: NTLM Proxy locking user account
- Next by thread: Re: LDAP Search Query Question
- Index(es):
Relevant Pages
|
