Account Lockout Troubleshooting
Hello!

I am working with a company that has around 2000 users. They are using Windows 2003 AD. They have changed the policy from requiring 10 bad attempts for lockout down to 3 bad attempts in the domain policy. I understand MS recommends leaving it at 10, but that's not an option for the customer due to security/policies. There is a huge increase in account lockouts occurring, resulting in 675 errors being generated for users after a period of time. It happens right away: the user enters the password wrong once and is locked out. We need to isolate the process causing the invalid login attempts.

We have discovered that at least 1 of the 675 errors being generated included a user account and an IP address that did not match the user's normal IP address. We ran nslookup on the address. The nslookup result returned a machine name that has not been physically utilized on the network in over a year. The customer does not physically have the machine in inventory anymore.

When we attempt to ping either the IP or the name of the machine, there is no response.

I am hoping for additional help here. What could cause this behavior? Conficker? What are the next logical steps to continue to isolate the issue, since it appears we are getting incorrect login info from an address that apparently isn't pingable?

You should be able to determine whether you are dealing with Conficker by following http://support.microsoft.com/kb/962007 (which also gives mitigation/resolution methods). If that is not the case, refer to http://technet.microsoft.com/en-us/library/cc776964.aspx

Is the event referencing the non-responsive IP address an isolated incident? If so, are you positive that the IP address was not used at the time when the event was generated?
hth
marcin
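
An added example, not part of the thread or of any Microsoft tool: one way to see which client addresses are driving the lockouts is to tally event 675 bad-password failures (failure code 0x18) per user and client address, and to flag addresses that are not the user's usual workstation. It assumes the 675 descriptions were exported as plain text with the field labels shown; the sample records, the `EXAMPLE` domain, the addresses and the `usual_address` map are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: description text of event ID 675 records
# ("Pre-authentication failed"). Users, domain and addresses are invented.
TEMPLATE = ("Pre-authentication failed:\n\tUser Name:\t{0}\n"
            "\tUser ID:\tEXAMPLE\\{0}\n\tService Name:\tkrbtgt/EXAMPLE\n"
            "\tPre-Authentication Type:\t0x2\n\tFailure Code:\t{1}\n"
            "\tClient Address:\t{2}\n")
SAMPLE = "\n".join(TEMPLATE.format(*row) for row in [
    ("jsmith", "0x18", "10.0.5.20"),   # bad password from the usual PC
    ("jsmith", "0x18", "10.0.9.77"),   # bad password from another address
    ("jsmith", "0x18", "10.0.9.77"),
    ("adoe",   "0x25", "10.0.5.31"),   # clock skew, not a bad password
])

# One "Label: value" field per line of the event description.
FIELD = re.compile(r"^[ \t]*([A-Za-z -]+):[ \t]*(\S+)[ \t]*$", re.M)


def parse_675(text):
    """Return one dict of fields per event 675 description found in text."""
    chunks = text.split("Pre-authentication failed:")[1:]
    return [{k.strip(): v for k, v in FIELD.findall(c)} for c in chunks]


def bad_password_sources(records, usual_address):
    """Tally 0x18 failures per user and client address.

    usual_address is an assumed inventory map of user -> normal workstation
    address; any other source address is reported as unexpected.
    """
    counts = defaultdict(Counter)
    for rec in records:
        if rec.get("Failure Code", "").lower() == "0x18":
            counts[rec["User Name"].lower()][rec["Client Address"]] += 1
    report = {}
    for user, per_addr in counts.items():
        odd = sorted(a for a in per_addr if a != usual_address.get(user))
        report[user] = {"counts": dict(per_addr), "unexpected": odd}
    return report


if __name__ == "__main__":
    usual = {"jsmith": "10.0.5.20"}    # assumed inventory data
    for user, info in bad_password_sources(parse_675(SAMPLE), usual).items():
        print(user, info["counts"], "unexpected:", info["unexpected"])
```

An address that keeps appearing under "unexpected" for a locked-out user is the one to trace further, for example through DHCP leases or switch port tables, when it no longer answers ping.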