Re: Authentication failures

One more test. Can you or anyone else log onto the domain from the
workstation? If yes I would be leaning torwards a corrupt profile. Delete
the old one, make sure you svae her desktop and documents and recreate a new
one next logon. Delete the profile from right click My
Computer/Properties/Advance/User Profiles Settings.


"Mike Bannister" <mbannist@xxxxxxxxx (donotspam)> wrote in message
news:B7249267-0CCA-4692-BB9D-F82A33E281E5@xxxxxxxxxxxxxxxx
The user account is not locked out. The user is able to logon to other
workstations in the domain. No the user has not recently changed password
and
lastly the user never logs in on any other workstation so simultaneous
multiple client sessions can be ruled out also.
--
Mike Bannister


"AllenM" wrote:

When you checked was the user account locked out? Can they log onto
another
machine? Has the user recently change their password? Perhaps they were
still logged in elswhere when they did?


"Mike Bannister" <mbannist@xxxxxxxxx (donotspam)> wrote in message
news:34730CED-376D-4DAD-98BA-EFAFEE538045@xxxxxxxxxxxxxxxx
I wish it were that obvious and easy. Of course I have checked the user
account. The user logs in every day. The bulk of the events are
occuring
during off hours when the user is not present?


--
Mike Bannister


"Mike Bannister" wrote:

I am running SBS 2003 Sp1 with all XP pro clients. One of the clients
has
suddenly started causing security event 529 as well as a netlogon
failure
event 5722. I have tried deleting machine from domain and rejoining
and
it
did not solve issueThe logs shows the following:

Source Event ID Last Occurrence Total
Occurrences
Security 529 2/3/2006 5:23 AM 26 *
Logon Failure:
Reason: Unknown user name or bad password
User Name: JeanHinsley
Domain: BCCIPDC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: BCCIJHINSLEY
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.33
Source Port: 3391


Source Event ID Last Occurrence Total Occurrences
NETLOGON 5722 2/3/2006 4:25 AM 6 *

The session setup from the computer BCCIJHINSLEY failed to
authenticate.
The
name(s) of the account(s) referenced in the security database is
BCCIJHINSLEY$. The following error occurred: Access is denied.

Thanks in advance for your help...

--
Mike Bannister





.

Relevant Pages

  • Re: event id 675
    ... workstation and uses a valid domain account name but enters a bad ... Failure Code 24.By reviewing each of your DC Security logs ... providing the username and domain name, ... address of the system from which the logon attempt originated. ...
    (microsoft.public.win2000.security)
  • W2003 profiles broken after password change
    ... User logs on to workstation, and is prompted to change password. ... On machines where the user password was changed, a local profile is created ... change are set to roaming. ...
    (microsoft.public.windows.server.general)
  • Re: Local admin rights not flowing through
    ... It sounds like it could be a problem with contacting the domain controller ... You can check the security log on the client workstation, ... assuming auditing of logon events is enabled as shown in Local Security ... >>> the profile. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Event ID 1000 for Outlook 2003
    ... Have you tried a new outlook user profile for user A? ... > If User B logs into User A's workstation, ...
    (microsoft.public.outlook)
  • Re: Roaming profile question
    ... When the first workstation logs off the changes are recorded to roaming ... changes to there user profile that was made on the two workstations the ... Active Directory with roaming profiles set up with WinXP ...
    (microsoft.public.win2000.advanced_server)