Re: Authentication failures

Hi Mike,

I checked the application eventlog on the XP client and it has a bunch of
Userenv eventid 1030 and Userenv eventid 1006 logged?

Likely a problem with cached credentials. See below:

Try: Control Panel -> User Accounts -> Advanced tab -> Manage Passwords, and
removed the user from the list. Reboot.

or:

Temporarily give the affected user administrative privileges and find the
stored user name info when logged in as that user. Go to Start -> Control
Panel -> User Accounts -> Advanced tab -> Manage Passwords. Note that you
cannot go in to this area without Admin privileges and you cannot see them
when you are logged in as another user. Once I found and deleted the stored
credentials, I removed admin privileges and was able to log in normally
without the authentication problems.

These solutions are both from http://www.eventid.net - everyone should
subscribe :-).

Hope it helps.


--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"Mike Bannister" <mbannist@xxxxxxxxx (donotspam)> wrote in message
news:B52FFB23-53D2-4CCD-9BFC-EA3097291E42@xxxxxxxxxxxxxxxx
The user "JeanHinsley" can log in to the domain from the machine
"BCCIJHINSLEY". The problem isn't that you are unable to login, it is
rather,
why are these errors in the event log every day? It consistenly logs 30 or
more security event 529's every day in addition to the the 5277 netlogon
errors.

It has not been re-imaged and as far as I know the password has not been
changed recently. Other users can log in to this workstation under their
domain accounts as well?

I checked the application eventlog on the XP client and it has a bunch of
Userenv eventid 1030 and Userenv eventid 1006 logged?
--
Mike Bannister


"Gabriel C. Stan" wrote:

Then it is a machine problem since it is isolated on the desktop.
Can any other accont login from this desktop?
if not then else go to end
Did you change the workstation SID?
Have you reinstalled / reimaged the desktop?
if yes then register the desktop as workstation on domain else check
login
restictions on the "Mike Bannister" account, as locations
end if no one can login from this desktop then the desktop is "banned"
chack
antivirus or any other app that can block access from a workstation
(firewalls)

"Mike Bannister" wrote:

The user account is not locked out. The user is able to logon to other
workstations in the domain. No the user has not recently changed
password and
lastly the user never logs in on any other workstation so simultaneous
multiple client sessions can be ruled out also.
--
Mike Bannister


"AllenM" wrote:

When you checked was the user account locked out? Can they log onto
another
machine? Has the user recently change their password? Perhaps they
were
still logged in elswhere when they did?


"Mike Bannister" <mbannist@xxxxxxxxx (donotspam)> wrote in message
news:34730CED-376D-4DAD-98BA-EFAFEE538045@xxxxxxxxxxxxxxxx
I wish it were that obvious and easy. Of course I have checked the
user
account. The user logs in every day. The bulk of the events are
occuring
during off hours when the user is not present?


--
Mike Bannister


"Mike Bannister" wrote:

I am running SBS 2003 Sp1 with all XP pro clients. One of the
clients has
suddenly started causing security event 529 as well as a netlogon
failure
event 5722. I have tried deleting machine from domain and
rejoining and
it
did not solve issueThe logs shows the following:

Source Event ID Last Occurrence Total
Occurrences
Security 529 2/3/2006 5:23 AM 26
*
Logon Failure:
Reason: Unknown user name or bad password
User Name: JeanHinsley
Domain: BCCIPDC
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: BCCIJHINSLEY
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 192.168.0.33
Source Port: 3391


Source Event ID Last Occurrence Total
Occurrences
NETLOGON 5722 2/3/2006 4:25 AM 6 *

The session setup from the computer BCCIJHINSLEY failed to
authenticate.
The
name(s) of the account(s) referenced in the security database is
BCCIJHINSLEY$. The following error occurred: Access is denied.

Thanks in advance for your help...

--
Mike Bannister





.

Relevant Pages

  • Re: Authentication failures
    ... The problem isn't that you are unable to login, it is rather, ... Did you change the workstation SID? ... restictions on the "Mike Bannister" account, ... lastly the user never logs in on any other workstation so simultaneous ...
    (microsoft.public.windows.server.sbs)
  • Re: Authentication failures
    ... Can any other accont login from this desktop? ... Did you change the workstation SID? ... restictions on the "Mike Bannister" account, ... Caller User Name: - ...
    (microsoft.public.windows.server.sbs)
  • Re: Authentication failures
    ... If yes I would be leaning torwards a corrupt profile. ... lastly the user never logs in on any other workstation so simultaneous ... The user logs in every day. ... Logon Failure: ...
    (microsoft.public.windows.server.sbs)
  • Re: Permit only one network logon per user
    ... I assign a unique username and password per user of this service. ... Alice logs on at workstation A. Alice then logs on at workstation B, ...
    (microsoft.public.windows.server.security)
  • Group policy / LDAP error
    ... I have a user that gets an error every time he logs in. ... difference what workstation he logs on to and other accounts do not get an ... The Local Security Authority cannot be contacted. ... Failed to query SPC registration on DC ...
    (microsoft.public.windows.group_policy)