Re: iusr/iwam account lockout
- From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
- Date: Mon, 27 Aug 2007 11:07:43 GMT
Hi Kevin,
Thanks for your reply.
I am sorry for the delay.
I am glad to know the problem is resolved. I'd like to make a summary for
this post.
Problem: Both IUSR and IWAM accounts are locked out on SBS server.
Solution: Modify the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
1. Click "Start", and then click "Run".
2. In the "Open" box, type "regedt32.exe" (without the quotation marks),
and then click "OK".
3. Click the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
4. In the right pane, double-click CrashOnAuditFail.
5. In the "Value data" box, type "0" (without the quotation marks) (zero),
and then click "OK".
6. Click "Start", and then click "Run".
7. In the "Open" box, type "secedit /refreshpolicy machine_policy /enforce"
(without the quotation marks), and then click "OK" to apply the new
security setting.
For future postings, I would like to list the following information as a
guideline when submitting new posts in the future. This information will
help us to understand the issue and situation more quickly. Thank you!
1. Has the server/client/product ever worked?
2. If so, what changed?
3. What service packs and updates were applied?
4. What are the steps to reproduce the problem?
5. Does it happen the same way on any other systems?
6. Please provide the exact error message with any screenshots, if possible.
If you need any assistance in the future, please feel free to post in our
newsgroup.
Best regards,
Robert Li(MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
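A scripted form of the registry change summarized above, as an added example that is not part of the original post. It assumes an elevated Windows PowerShell 3.0 or later session; the function names are hypothetical, and the meanings of values 1 and 2 and the Security log check come from Microsoft's documentation of CrashOnAuditFail, not from this thread.

```powershell
# Added example, not from the thread. Run from an elevated Windows PowerShell prompt.
$LsaKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName = 'CrashOnAuditFail'

# Meanings of the value as documented by Microsoft.
$Meaning = @{
    0 = 'off: the system keeps running when audit events cannot be written'
    1 = 'on: the system halts when audit events cannot be written'
    2 = 'tripped: the system halted on an audit failure; only administrators can log on'
}

function Get-CrashOnAuditFail {
    # Returns the current value as an int, or $null when the value is absent.
    $item = Get-ItemProperty -Path $LsaKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Reset-CrashOnAuditFail {
    # Sets the value to 0, as in step 5 of the thread, and reports before/after.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    $before = Get-CrashOnAuditFail
    if ($before -ne 0 -and $PSCmdlet.ShouldProcess("$LsaKey\$ValueName", "set to 0 (was $before)")) {
        Set-ItemProperty -Path $LsaKey -Name $ValueName -Value 0 -Type DWord
    }
    [pscustomobject]@{ Before = $before; After = Get-CrashOnAuditFail }
}

$current = Get-CrashOnAuditFail
if ($null -eq $current) { "$ValueName is not set" }
else { "$ValueName = $current ($($Meaning[$current]))" }

# A full Security log that is not allowed to overwrite is a common reason
# audit writes fail, so report its size and retention mode alongside the value.
$log = Get-WinEvent -ListLog Security
'Security log: {0:N0} of {1:N0} bytes used, mode {2}, full: {3}' -f `
    $log.FileSize, $log.MaximumSizeInBytes, $log.LogMode, $log.IsLogFull

Reset-CrashOnAuditFail -WhatIf   # preview only; drop -WhatIf to apply the change

# Step 7 equivalent: on Windows Server 2003 and later, gpupdate replaces
# "secedit /refreshpolicy".
# gpupdate /target:computer /force
```

If the "Audit: Shut down system immediately if unable to log security audits" policy is enabled through Group Policy, a policy refresh writes the value back to 1, so check the policy as well as the registry.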
--------------------
<From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
<Organization: Microsoft
<Date: Tue, 14 Aug 2007 12:33:38 GMT
<Subject: Re: iusr/iwam account lockout
<
<Hi Kevin,
<
<I am sorry for the typo.
<
<Please modify the following registry key:
<
< HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
<
<1. Click "Start", and then click "Run".
<2. In the "Open" box, type "regedt32.exe" (without the quotation marks),
<and then click "OK".
<3. Click the following registry key:
<
<HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\CrashOnAuditFail
<
<4. In the right pane, double-click CrashOnAuditFail.
<5. In the "Value data" box, type "0" (without the quotation marks)
<(zero), and then click "OK".
<6. Click "Start", and then click "Run".
<7. In the "Open" box, type "secedit /refreshpolicy machine_policy /enforce"
<(without the quotation marks), and then click "OK" to apply the new
<security setting.
<
<Please try my suggestions and let me know the result.
<
<Best regards,
<
<Robert Li(MSFT)
<
<Microsoft CSS Online Newsgroup Support
<
<--------------------
<<From: v-robeli@xxxxxxxxxxxxxxxxxxxx (Robert Li [MSFT])
<<Organization: Microsoft
<<Date: Mon, 13 Aug 2007 08:38:03 GMT
<<Subject: Re: iusr/iwam account lockout
<<
<<Hello Kevin,
<<
<<Thanks for posting in our newsgroup.
<<
<<From your description, I know that both IUSR and IWAM accounts are locked
<<out. If that's not right, please don't hesitate to let me know.
<<
<<If the IUSR and IWAM account are locked out, it will cause other issues
<<such as website access. If the problem is urgent, a suggestion is to call
<<CSS directly who will give you more effective and rapid support.
<<
<<Based on my research, please take the following steps to see if the problem
<<can be resolved:
<<
<<Please take the following steps to unlock the accounts:
<<
<<1. Open Active Directory Users and Computers.
<<2. Go to Domain.local\System\Users.
<<3. Right click IUSR-ComputerName and select Properties.
<<4. On the Account tab, uncheck the box: Account is locked out.
<<5. Do the same things with IWAM.
<<
<<Step 2: Edit the CrashOnAuditFail Registry Key
<<
<<1. Click "Start", and then click "Run".
<<2. In the "Open" box, type "regedt32.exe" (without the quotation marks),
<<and then click "OK".
<<3. Click the following registry key:
<<
<< HKEY_LOCAL_MACHINE\CurrentControlSet\Control\Lsa\CrashOnAuditFail
<<
<<4. In the right pane, double-click CrashOnAuditFail.
<<5. In the "Value data" box, type "0" (without the quotation marks) (zero),
<<and then click "OK".
<<6. Click "Start", and then click "Run".
<<7. In the "Open" box, type "secedit /refreshpolicy machine_policy /enforce"
<<(without the quotation marks), and then click "OK" to apply the new
<<security setting.
<<
<<8. Restart your server.
<<
<<Does it work now?
<<
<<Step 3: Please run the following command and try again.
<<
<<cscript c:\Inetpub\AdminScripts\synciwam.vbs
<<
<<To find out the root cause of the issue, please help me collect the
<<following information for further research:
<<
<<MPS Report
<<
<<1) Download MPS report tool from:
<<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_SETUPPerf.EXE
<<2) Run the MPSRPT_SETUPPerf.exe on the server box.
<<3) Wait for 10~15 minutes.
<<4) Open Windows explorer, navigate to
<<%SYSTEMROOT%\MPSReports\Setup\Reports\cab\
<<5) Send the .cab file to us.
<<
<<Please send the information to v-robeli@xxxxxxxxxxxxx with subject:
<<40143643-iusr/iwam account lockout.
<<
<<I am looking forward to hearing from you.
<<
<<If you need further assistance, please don't hesitate to let me know.
<<
<<Best regards,
<<
<<Robert Li(MSFT)
<<
<<Microsoft CSS Online Newsgroup Support
<<
<<--------------------
<<<From: "bass_player [SBS-MVP]" <bass_player@xxxxxxxx>
<<<Subject: Re: iusr/iwam account lockout
<<<Date: Sat, 11 Aug 2007 10:50:19 +0800
<<<
<<<Looks like this account is being hacked. Can you check/post the security
<<<logs for more details?
<<< "Kevin Le" <kevinle@xxxxxxxxxx> wrote in
<<<message news:OYFMqc42HHA.212@xxxxxxxxxxxxxxxxxxxxxxx
<<< Hi,
<<< I need some help with this problem. We have an SBS 2003 box that was
<<<running fine until yesterday, when suddenly around 5 am both the iusr and
<<<iwam accounts were reported locked out after a series of failed logins.
<<<Does anyone have any idea what's going on? Why is it doing that? I have
<<<been going through the event log and couldn't figure out what is going on.
<<< Kevin
<<<