Users in Win98 workstations having account locked in Activ..

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi,

We just upgraded a Windows NT 4 domain to Active Directory. The client
computers are comprised of Windows 98, Windows 98 SE and Windows 2000 Pro
machines.
Exchnage 5.5 is installed in a Windows 2000 DC.

We are having the following problem, with the Windows 98 machines:
A lot of the users in the 98 workstations are getting their accounts locked
out (the account lockout police locks an account after 3 failed tries, cant
change this) randomly.

In the DC security logs, I get a lot of errors:

Source: Security
Category: Account Logon
Type: Failure
Event ID: 681
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
The logon to account: xxxxxxx
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: \\xxxxxxx
failed. The error code was: 3221226036

Source: Security
Category: Logon\Logoff
Type: Failure
Event ID: 529
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: xxxxxxxx
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\xxxxxx

Source: Security
Category: Logon\Logoff
Type: Failure
Event ID: 539
User: NT AUTHORITY\SYSTEM
Computer: DC
Description:
Logon Failure:
Reason: Account locked out
User Name: xxxxxx
Domain: DOMAIN
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: \\xxxxxx

Source: Security
Category: Account Management
Type: Success
Event ID: 642
User: Everyone
Computer: DC
Description:
User Account Changed:
Account Locked.
Target Account Name: vnd_bruno
Target Domain: BRAZIL
Target Account ID: BRAZIL\vnd_bruno
Caller User Name: DC02SRV$
Caller Domain: BRAZIL
Caller Logon ID: (0x0,0x3E7)
Privileges: -

Source: Security
Category: Account Management
Type: Success
Event ID: 644
User: Everyone
Computer: DC
Description:
User Account Locked Out:
Target Account Name: XXXXXX
Target Account ID: DOMAIN\XXXXXX
Caller Machine Name: \\XXXXXXX
Caller User Name: DC$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)

It appears as although the users use its right credentials, the accounts are
being locked by the system.

I have checked lots of things and already tried: installing and uninstalling
DSClient on the 98 workstations; allowed anything on the LAN Manager
Authentication Level in Security Options in the Domain Security Police;
edited the users account properties in Active Directory to check "Do not
require Kerberos preauthentication"; checked to make sure users were logging
in the domain and not in the Windows 98 workstation; but nothing worked so
far, accounts are still being locked out randomly.

Can anyone help me?

Thanks in advance.
5 answers Last reply
More about users win98 workstations account locked activ
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi,

    As a band-aid, you can change the lockout thresholds in:
    Domain Security Policy | Windows Settings | Security Settings | Account
    Policies | Account Lockout Policy

    Fix the root of this, though. Don't just make the change and leave it like
    that.

    Viruses and Worms can hit your AD and try to break in using a brute force
    attack. You will want to make sure that you are not seeing the system
    protect itself from something like this by disabling the accounts. This is
    pretty common in the more recent worms. Use your Antivirus program to do a
    full sweep of all of your workstations.

    I'd also be very concerned about the account management changes done by the
    Everyone account, as listed by your appended account logs.

    As an aside, I would suggest that you work to get rid of your 9x machines
    and replace or upgrade them. Because of the complications and potential
    problems, upgrade or attrition of 9x machines should be considered part of
    the cost of a migration to 2k/2k3 server. Generally if an organization
    can't afford the workstation upgrade, they can't afford the manpower and
    downtime that will come with supporting the 9x machines on the new network.
    (IMHO)
    --
    Ryan Hanisco
    MCSE, MCDBA
    Flagship Integration Services

    "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    news:BE5508A9-B6BA-4988-AFC0-F0059D1D7BD1@microsoft.com...
    > Hi,
    >
    > We just upgraded a Windows NT 4 domain to Active Directory. The client
    > computers are comprised of Windows 98, Windows 98 SE and Windows 2000 Pro
    > machines.
    > Exchnage 5.5 is installed in a Windows 2000 DC.
    >
    > We are having the following problem, with the Windows 98 machines:
    > A lot of the users in the 98 workstations are getting their accounts
    locked
    > out (the account lockout police locks an account after 3 failed tries,
    cant
    > change this) randomly.
    >
    > In the DC security logs, I get a lot of errors:
    >
    > Source: Security
    > Category: Account Logon
    > Type: Failure
    > Event ID: 681
    > User: NT AUTHORITY\SYSTEM
    > Computer: DC
    > Description:
    > The logon to account: xxxxxxx
    > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    > from workstation: \\xxxxxxx
    > failed. The error code was: 3221226036
    >
    > Source: Security
    > Category: Logon\Logoff
    > Type: Failure
    > Event ID: 529
    > User: NT AUTHORITY\SYSTEM
    > Computer: DC
    > Description:
    > Logon Failure:
    > Reason: Unknown user name or bad password
    > User Name: xxxxxxxx
    > Domain: DOMAIN
    > Logon Type: 3
    > Logon Process: NtLmSsp
    > Authentication Package: NTLM
    > Workstation Name: \\xxxxxx
    >
    > Source: Security
    > Category: Logon\Logoff
    > Type: Failure
    > Event ID: 539
    > User: NT AUTHORITY\SYSTEM
    > Computer: DC
    > Description:
    > Logon Failure:
    > Reason: Account locked out
    > User Name: xxxxxx
    > Domain: DOMAIN
    > Logon Type: 3
    > Logon Process: NtLmSsp
    > Authentication Package: NTLM
    > Workstation Name: \\xxxxxx
    >
    > Source: Security
    > Category: Account Management
    > Type: Success
    > Event ID: 642
    > User: Everyone
    > Computer: DC
    > Description:
    > User Account Changed:
    > Account Locked.
    > Target Account Name: vnd_bruno
    > Target Domain: BRAZIL
    > Target Account ID: BRAZIL\vnd_bruno
    > Caller User Name: DC02SRV$
    > Caller Domain: BRAZIL
    > Caller Logon ID: (0x0,0x3E7)
    > Privileges: -
    >
    > Source: Security
    > Category: Account Management
    > Type: Success
    > Event ID: 644
    > User: Everyone
    > Computer: DC
    > Description:
    > User Account Locked Out:
    > Target Account Name: XXXXXX
    > Target Account ID: DOMAIN\XXXXXX
    > Caller Machine Name: \\XXXXXXX
    > Caller User Name: DC$
    > Caller Domain: DOMAIN
    > Caller Logon ID: (0x0,0x3E7)
    >
    > It appears as although the users use its right credentials, the accounts
    are
    > being locked by the system.
    >
    > I have checked lots of things and already tried: installing and
    uninstalling
    > DSClient on the 98 workstations; allowed anything on the LAN Manager
    > Authentication Level in Security Options in the Domain Security Police;
    > edited the users account properties in Active Directory to check "Do not
    > require Kerberos preauthentication"; checked to make sure users were
    logging
    > in the domain and not in the Windows 98 workstation; but nothing worked so
    > far, accounts are still being locked out randomly.
    >
    > Can anyone help me?
    >
    > Thanks in advance.
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Hi Ryan,
    This is not a virus/worm problem, I have scanned all machines using multiple
    antivirus software.
    I cant change the lockout threshold.
    As I said it is a problem related to the Windows 98 machines authenticating
    in the AD domain, it appears that the Windows 98 sends wrong credentias to
    the Domain Controllers when the users logged try to access a file share in
    the Domain Controllers.

    "Ryan Hanisco" wrote:

    > Hi,
    >
    > As a band-aid, you can change the lockout thresholds in:
    > Domain Security Policy | Windows Settings | Security Settings | Account
    > Policies | Account Lockout Policy
    >
    > Fix the root of this, though. Don't just make the change and leave it like
    > that.
    >
    > Viruses and Worms can hit your AD and try to break in using a brute force
    > attack. You will want to make sure that you are not seeing the system
    > protect itself from something like this by disabling the accounts. This is
    > pretty common in the more recent worms. Use your Antivirus program to do a
    > full sweep of all of your workstations.
    >
    > I'd also be very concerned about the account management changes done by the
    > Everyone account, as listed by your appended account logs.
    >
    > As an aside, I would suggest that you work to get rid of your 9x machines
    > and replace or upgrade them. Because of the complications and potential
    > problems, upgrade or attrition of 9x machines should be considered part of
    > the cost of a migration to 2k/2k3 server. Generally if an organization
    > can't afford the workstation upgrade, they can't afford the manpower and
    > downtime that will come with supporting the 9x machines on the new network.
    > (IMHO)
    > --
    > Ryan Hanisco
    > MCSE, MCDBA
    > Flagship Integration Services
    >
    > "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    > news:BE5508A9-B6BA-4988-AFC0-F0059D1D7BD1@microsoft.com...
    > > Hi,
    > >
    > > We just upgraded a Windows NT 4 domain to Active Directory. The client
    > > computers are comprised of Windows 98, Windows 98 SE and Windows 2000 Pro
    > > machines.
    > > Exchnage 5.5 is installed in a Windows 2000 DC.
    > >
    > > We are having the following problem, with the Windows 98 machines:
    > > A lot of the users in the 98 workstations are getting their accounts
    > locked
    > > out (the account lockout police locks an account after 3 failed tries,
    > cant
    > > change this) randomly.
    > >
    > > In the DC security logs, I get a lot of errors:
    > >
    > > Source: Security
    > > Category: Account Logon
    > > Type: Failure
    > > Event ID: 681
    > > User: NT AUTHORITY\SYSTEM
    > > Computer: DC
    > > Description:
    > > The logon to account: xxxxxxx
    > > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    > > from workstation: \\xxxxxxx
    > > failed. The error code was: 3221226036
    > >
    > > Source: Security
    > > Category: Logon\Logoff
    > > Type: Failure
    > > Event ID: 529
    > > User: NT AUTHORITY\SYSTEM
    > > Computer: DC
    > > Description:
    > > Logon Failure:
    > > Reason: Unknown user name or bad password
    > > User Name: xxxxxxxx
    > > Domain: DOMAIN
    > > Logon Type: 3
    > > Logon Process: NtLmSsp
    > > Authentication Package: NTLM
    > > Workstation Name: \\xxxxxx
    > >
    > > Source: Security
    > > Category: Logon\Logoff
    > > Type: Failure
    > > Event ID: 539
    > > User: NT AUTHORITY\SYSTEM
    > > Computer: DC
    > > Description:
    > > Logon Failure:
    > > Reason: Account locked out
    > > User Name: xxxxxx
    > > Domain: DOMAIN
    > > Logon Type: 3
    > > Logon Process: NtLmSsp
    > > Authentication Package: NTLM
    > > Workstation Name: \\xxxxxx
    > >
    > > Source: Security
    > > Category: Account Management
    > > Type: Success
    > > Event ID: 642
    > > User: Everyone
    > > Computer: DC
    > > Description:
    > > User Account Changed:
    > > Account Locked.
    > > Target Account Name: vnd_bruno
    > > Target Domain: BRAZIL
    > > Target Account ID: BRAZIL\vnd_bruno
    > > Caller User Name: DC02SRV$
    > > Caller Domain: BRAZIL
    > > Caller Logon ID: (0x0,0x3E7)
    > > Privileges: -
    > >
    > > Source: Security
    > > Category: Account Management
    > > Type: Success
    > > Event ID: 644
    > > User: Everyone
    > > Computer: DC
    > > Description:
    > > User Account Locked Out:
    > > Target Account Name: XXXXXX
    > > Target Account ID: DOMAIN\XXXXXX
    > > Caller Machine Name: \\XXXXXXX
    > > Caller User Name: DC$
    > > Caller Domain: DOMAIN
    > > Caller Logon ID: (0x0,0x3E7)
    > >
    > > It appears as although the users use its right credentials, the accounts
    > are
    > > being locked by the system.
    > >
    > > I have checked lots of things and already tried: installing and
    > uninstalling
    > > DSClient on the 98 workstations; allowed anything on the LAN Manager
    > > Authentication Level in Security Options in the Domain Security Police;
    > > edited the users account properties in Active Directory to check "Do not
    > > require Kerberos preauthentication"; checked to make sure users were
    > logging
    > > in the domain and not in the Windows 98 workstation; but nothing worked so
    > > far, accounts are still being locked out randomly.
    > >
    > > Can anyone help me?
    > >
    > > Thanks in advance.
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    hmm...

    Looking at the event log excerpt you posted:

    -- The first one is a denial because the account is already locked out.
    -- The second is a standard bad username or password (lots of possible
    sources)
    -- The third is a normal lockout
    -- The fourth is an explicit lockout of an account, but is being logged as a
    generic account change. This was fixed in SP4, per KB 314444 -- but that is
    just the reporting, not the cause.
    -- The rest are lockouts (KB 814511) in the normal course of things.

    The point is that you are right in that the system is locking the accounts
    and there is nothing screwy with that process going on. It really does look
    as though there is an issue with "something" whether it be the ds client, a
    service, or a virus attempting to log on to accounts over and over causing
    them to lock.

    Considering the value of your time and the impact to the end users, this
    seems like the time to open a case with MS. It'll be worth the money if it
    gets resolved quickly, and you did your basic research so you're not acting
    capriciously.

    --
    Ryan Hanisco
    MCSE, MCDBA
    Flagship Integration Services

    "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    news:6350C303-ACF3-4F29-857C-317175624E53@microsoft.com...
    > Hi Ryan,
    > This is not a virus/worm problem, I have scanned all machines using
    multiple
    > antivirus software.
    > I cant change the lockout threshold.
    > As I said it is a problem related to the Windows 98 machines
    authenticating
    > in the AD domain, it appears that the Windows 98 sends wrong credentias to
    > the Domain Controllers when the users logged try to access a file share in
    > the Domain Controllers.
    >
    > "Ryan Hanisco" wrote:
    >
    > > Hi,
    > >
    > > As a band-aid, you can change the lockout thresholds in:
    > > Domain Security Policy | Windows Settings | Security Settings | Account
    > > Policies | Account Lockout Policy
    > >
    > > Fix the root of this, though. Don't just make the change and leave it
    like
    > > that.
    > >
    > > Viruses and Worms can hit your AD and try to break in using a brute
    force
    > > attack. You will want to make sure that you are not seeing the system
    > > protect itself from something like this by disabling the accounts. This
    is
    > > pretty common in the more recent worms. Use your Antivirus program to
    do a
    > > full sweep of all of your workstations.
    > >
    > > I'd also be very concerned about the account management changes done by
    the
    > > Everyone account, as listed by your appended account logs.
    > >
    > > As an aside, I would suggest that you work to get rid of your 9x
    machines
    > > and replace or upgrade them. Because of the complications and potential
    > > problems, upgrade or attrition of 9x machines should be considered part
    of
    > > the cost of a migration to 2k/2k3 server. Generally if an organization
    > > can't afford the workstation upgrade, they can't afford the manpower and
    > > downtime that will come with supporting the 9x machines on the new
    network.
    > > (IMHO)
    > > --
    > > Ryan Hanisco
    > > MCSE, MCDBA
    > > Flagship Integration Services
    > >
    > > "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    > > news:BE5508A9-B6BA-4988-AFC0-F0059D1D7BD1@microsoft.com...
    > > > Hi,
    > > >
    > > > We just upgraded a Windows NT 4 domain to Active Directory. The client
    > > > computers are comprised of Windows 98, Windows 98 SE and Windows 2000
    Pro
    > > > machines.
    > > > Exchnage 5.5 is installed in a Windows 2000 DC.
    > > >
    > > > We are having the following problem, with the Windows 98 machines:
    > > > A lot of the users in the 98 workstations are getting their accounts
    > > locked
    > > > out (the account lockout police locks an account after 3 failed tries,
    > > cant
    > > > change this) randomly.
    > > >
    > > > In the DC security logs, I get a lot of errors:
    > > >
    > > > Source: Security
    > > > Category: Account Logon
    > > > Type: Failure
    > > > Event ID: 681
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > The logon to account: xxxxxxx
    > > > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    > > > from workstation: \\xxxxxxx
    > > > failed. The error code was: 3221226036
    > > >
    > > > Source: Security
    > > > Category: Logon\Logoff
    > > > Type: Failure
    > > > Event ID: 529
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > Logon Failure:
    > > > Reason: Unknown user name or bad password
    > > > User Name: xxxxxxxx
    > > > Domain: DOMAIN
    > > > Logon Type: 3
    > > > Logon Process: NtLmSsp
    > > > Authentication Package: NTLM
    > > > Workstation Name: \\xxxxxx
    > > >
    > > > Source: Security
    > > > Category: Logon\Logoff
    > > > Type: Failure
    > > > Event ID: 539
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > Logon Failure:
    > > > Reason: Account locked out
    > > > User Name: xxxxxx
    > > > Domain: DOMAIN
    > > > Logon Type: 3
    > > > Logon Process: NtLmSsp
    > > > Authentication Package: NTLM
    > > > Workstation Name: \\xxxxxx
    > > >
    > > > Source: Security
    > > > Category: Account Management
    > > > Type: Success
    > > > Event ID: 642
    > > > User: Everyone
    > > > Computer: DC
    > > > Description:
    > > > User Account Changed:
    > > > Account Locked.
    > > > Target Account Name: vnd_bruno
    > > > Target Domain: BRAZIL
    > > > Target Account ID: BRAZIL\vnd_bruno
    > > > Caller User Name: DC02SRV$
    > > > Caller Domain: BRAZIL
    > > > Caller Logon ID: (0x0,0x3E7)
    > > > Privileges: -
    > > >
    > > > Source: Security
    > > > Category: Account Management
    > > > Type: Success
    > > > Event ID: 644
    > > > User: Everyone
    > > > Computer: DC
    > > > Description:
    > > > User Account Locked Out:
    > > > Target Account Name: XXXXXX
    > > > Target Account ID: DOMAIN\XXXXXX
    > > > Caller Machine Name: \\XXXXXXX
    > > > Caller User Name: DC$
    > > > Caller Domain: DOMAIN
    > > > Caller Logon ID: (0x0,0x3E7)
    > > >
    > > > It appears as although the users use its right credentials, the
    accounts
    > > are
    > > > being locked by the system.
    > > >
    > > > I have checked lots of things and already tried: installing and
    > > uninstalling
    > > > DSClient on the 98 workstations; allowed anything on the LAN Manager
    > > > Authentication Level in Security Options in the Domain Security
    Police;
    > > > edited the users account properties in Active Directory to check "Do
    not
    > > > require Kerberos preauthentication"; checked to make sure users were
    > > logging
    > > > in the domain and not in the Windows 98 workstation; but nothing
    worked so
    > > > far, accounts are still being locked out randomly.
    > > >
    > > > Can anyone help me?
    > > >
    > > > Thanks in advance.
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    Also, take a look at:

    http://support.microsoft.com/default.aspx?scid=kb;en-us;317796
    http://support.microsoft.com/default.aspx?scid=kb;en-us;271496

    --
    Ryan Hanisco
    MCSE, MCDBA
    Flagship Integration Services

    "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    news:6350C303-ACF3-4F29-857C-317175624E53@microsoft.com...
    > Hi Ryan,
    > This is not a virus/worm problem, I have scanned all machines using
    multiple
    > antivirus software.
    > I cant change the lockout threshold.
    > As I said it is a problem related to the Windows 98 machines
    authenticating
    > in the AD domain, it appears that the Windows 98 sends wrong credentias to
    > the Domain Controllers when the users logged try to access a file share in
    > the Domain Controllers.
    >
    > "Ryan Hanisco" wrote:
    >
    > > Hi,
    > >
    > > As a band-aid, you can change the lockout thresholds in:
    > > Domain Security Policy | Windows Settings | Security Settings | Account
    > > Policies | Account Lockout Policy
    > >
    > > Fix the root of this, though. Don't just make the change and leave it
    like
    > > that.
    > >
    > > Viruses and Worms can hit your AD and try to break in using a brute
    force
    > > attack. You will want to make sure that you are not seeing the system
    > > protect itself from something like this by disabling the accounts. This
    is
    > > pretty common in the more recent worms. Use your Antivirus program to
    do a
    > > full sweep of all of your workstations.
    > >
    > > I'd also be very concerned about the account management changes done by
    the
    > > Everyone account, as listed by your appended account logs.
    > >
    > > As an aside, I would suggest that you work to get rid of your 9x
    machines
    > > and replace or upgrade them. Because of the complications and potential
    > > problems, upgrade or attrition of 9x machines should be considered part
    of
    > > the cost of a migration to 2k/2k3 server. Generally if an organization
    > > can't afford the workstation upgrade, they can't afford the manpower and
    > > downtime that will come with supporting the 9x machines on the new
    network.
    > > (IMHO)
    > > --
    > > Ryan Hanisco
    > > MCSE, MCDBA
    > > Flagship Integration Services
    > >
    > > "marciotf" <marciotf@discussions.microsoft.com> wrote in message
    > > news:BE5508A9-B6BA-4988-AFC0-F0059D1D7BD1@microsoft.com...
    > > > Hi,
    > > >
    > > > We just upgraded a Windows NT 4 domain to Active Directory. The client
    > > > computers are comprised of Windows 98, Windows 98 SE and Windows 2000
    Pro
    > > > machines.
    > > > Exchnage 5.5 is installed in a Windows 2000 DC.
    > > >
    > > > We are having the following problem, with the Windows 98 machines:
    > > > A lot of the users in the 98 workstations are getting their accounts
    > > locked
    > > > out (the account lockout police locks an account after 3 failed tries,
    > > cant
    > > > change this) randomly.
    > > >
    > > > In the DC security logs, I get a lot of errors:
    > > >
    > > > Source: Security
    > > > Category: Account Logon
    > > > Type: Failure
    > > > Event ID: 681
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > The logon to account: xxxxxxx
    > > > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    > > > from workstation: \\xxxxxxx
    > > > failed. The error code was: 3221226036
    > > >
    > > > Source: Security
    > > > Category: Logon\Logoff
    > > > Type: Failure
    > > > Event ID: 529
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > Logon Failure:
    > > > Reason: Unknown user name or bad password
    > > > User Name: xxxxxxxx
    > > > Domain: DOMAIN
    > > > Logon Type: 3
    > > > Logon Process: NtLmSsp
    > > > Authentication Package: NTLM
    > > > Workstation Name: \\xxxxxx
    > > >
    > > > Source: Security
    > > > Category: Logon\Logoff
    > > > Type: Failure
    > > > Event ID: 539
    > > > User: NT AUTHORITY\SYSTEM
    > > > Computer: DC
    > > > Description:
    > > > Logon Failure:
    > > > Reason: Account locked out
    > > > User Name: xxxxxx
    > > > Domain: DOMAIN
    > > > Logon Type: 3
    > > > Logon Process: NtLmSsp
    > > > Authentication Package: NTLM
    > > > Workstation Name: \\xxxxxx
    > > >
    > > > Source: Security
    > > > Category: Account Management
    > > > Type: Success
    > > > Event ID: 642
    > > > User: Everyone
    > > > Computer: DC
    > > > Description:
    > > > User Account Changed:
    > > > Account Locked.
    > > > Target Account Name: vnd_bruno
    > > > Target Domain: BRAZIL
    > > > Target Account ID: BRAZIL\vnd_bruno
    > > > Caller User Name: DC02SRV$
    > > > Caller Domain: BRAZIL
    > > > Caller Logon ID: (0x0,0x3E7)
    > > > Privileges: -
    > > >
    > > > Source: Security
    > > > Category: Account Management
    > > > Type: Success
    > > > Event ID: 644
    > > > User: Everyone
    > > > Computer: DC
    > > > Description:
    > > > User Account Locked Out:
    > > > Target Account Name: XXXXXX
    > > > Target Account ID: DOMAIN\XXXXXX
    > > > Caller Machine Name: \\XXXXXXX
    > > > Caller User Name: DC$
    > > > Caller Domain: DOMAIN
    > > > Caller Logon ID: (0x0,0x3E7)
    > > >
    > > > It appears as although the users use its right credentials, the
    accounts
    > > are
    > > > being locked by the system.
    > > >
    > > > I have checked lots of things and already tried: installing and
    > > uninstalling
    > > > DSClient on the 98 workstations; allowed anything on the LAN Manager
    > > > Authentication Level in Security Options in the Domain Security
    Police;
    > > > edited the users account properties in Active Directory to check "Do
    not
    > > > require Kerberos preauthentication"; checked to make sure users were
    > > logging
    > > > in the domain and not in the Windows 98 workstation; but nothing
    worked so
    > > > far, accounts are still being locked out randomly.
    > > >
    > > > Can anyone help me?
    > > >
    > > > Thanks in advance.
    > >
    > >
    > >
  5. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    "Ryan Hanisco" wrote:
    > Also, take a look at:
    >
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;317796
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;271496
    >
    > --
    > Ryan Hanisco
    > MCSE, MCDBA
    > Flagship Integration Services
    >
    > "marciotf" <marciotf@discussions.microsoft.com> wrote in
    > message
    > news:6350C303-ACF3-4F29-857C-317175624E53@microsoft.com...
    > > Hi Ryan,
    > > This is not a virus/worm problem, I have scanned all
    > machines using
    > multiple
    > > antivirus software.
    > > I cant change the lockout threshold.
    > > As I said it is a problem related to the Windows 98 machines
    > authenticating
    > > in the AD domain, it appears that the Windows 98 sends wrong
    > credentias to
    > > the Domain Controllers when the users logged try to access a
    > file share in
    > > the Domain Controllers.
    > >
    > > "Ryan Hanisco" wrote:
    > >
    >  > > Hi,
    >  > >
    >  > > As a band-aid, you can change the lockout thresholds
    > in:
    >  > > Domain Security Policy | Windows Settings | Security
    > Settings | Account
    >  > > Policies | Account Lockout Policy
    >  > >
    >  > > Fix the root of this, though. Don't just make the
    > change and leave it
    > like
    >  > > that.
    >  > >
    >  > > Viruses and Worms can hit your AD and try to break
    > in using a brute
    > force
    >  > > attack. You will want to make sure that you are not
    > seeing the system
    >  > > protect itself from something like this by disabling
    > the accounts. This
    > is
    >  > > pretty common in the more recent worms. Use your
    > Antivirus program to
    > do a
    >  > > full sweep of all of your workstations.
    >  > >
    >  > > I'd also be very concerned about the account
    > management changes done by
    > the
    >  > > Everyone account, as listed by your appended account
    > logs.
    >  > >
    >  > > As an aside, I would suggest that you work to get
    > rid of your 9x
    > machines
    >  > > and replace or upgrade them. Because of the
    > complications and potential
    >  > > problems, upgrade or attrition of 9x machines should
    > be considered part
    > of
    >  > > the cost of a migration to 2k/2k3 server. Generally
    > if an organization
    >  > > can't afford the workstation upgrade, they can't
    > afford the manpower and
    >  > > downtime that will come with supporting the 9x
    > machines on the new
    > network.
    >  > > (IMHO)
    >  > > --
    >  > > Ryan Hanisco
    >  > > MCSE, MCDBA
    >  > > Flagship Integration Services
    >  > >
    >  > > "marciotf"
    > <marciotf@discussions.microsoft.com> wrote in message
    >  > >
    > news:BE5508A9-B6BA-4988-AFC0-F0059D1D7BD1@microsoft.com...
    >   > > > Hi,
    >   > > >
    >   > > > We just upgraded a Windows NT 4 domain to
    > Active Directory. The client
    >   > > > computers are comprised of Windows 98,
    > Windows 98 SE and Windows 2000
    > Pro
    >   > > > machines.
    >   > > > Exchnage 5.5 is installed in a Windows 2000
    > DC.
    >   > > >
    >   > > > We are having the following problem, with
    > the Windows 98 machines:
    >   > > > A lot of the users in the 98 workstations
    > are getting their accounts
    >  > > locked
    >   > > > out (the account lockout police locks an
    > account after 3 failed tries,
    >  > > cant
    >   > > > change this) randomly.
    >   > > >
    >   > > > In the DC security logs, I get a lot of
    > errors:
    >   > > >
    >   > > > Source: Security
    >   > > > Category: Account Logon
    >   > > > Type: Failure
    >   > > > Event ID: 681
    >   > > > User: NT AUTHORITYSYSTEM
    >   > > > Computer: DC
    >   > > > Description:
    >   > > > The logon to account: xxxxxxx
    >   > > > by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    >   > > > from workstation: \xxxxxxx
    >   > > > failed. The error code was: 3221226036
    >   > > >
    >   > > > Source: Security
    >   > > > Category: LogonLogoff
    >   > > > Type: Failure
    >   > > > Event ID: 529
    >   > > > User: NT AUTHORITYSYSTEM
    >   > > > Computer: DC
    >   > > > Description:
    >   > > > Logon Failure:
    >   > > > Reason: Unknown user name or
    > bad password
    >   > > > User Name: xxxxxxxx
    >   > > > Domain: DOMAIN
    >   > > > Logon Type: 3
    >   > > > Logon Process: NtLmSsp
    >   > > > Authentication Package: NTLM
    >   > > > Workstation Name: \xxxxxx
    >   > > >
    >   > > > Source: Security
    >   > > > Category: LogonLogoff
    >   > > > Type: Failure
    >   > > > Event ID: 539
    >   > > > User: NT AUTHORITYSYSTEM
    >   > > > Computer: DC
    >   > > > Description:
    >   > > > Logon Failure:
    >   > > > Reason: Account locked out
    >   > > > User Name: xxxxxx
    >   > > > Domain: DOMAIN
    >   > > > Logon Type: 3
    >   > > > Logon Process: NtLmSsp
    >   > > > Authentication Package: NTLM
    >   > > > Workstation Name: \xxxxxx
    >   > > >
    >   > > > Source: Security
    >   > > > Category: Account Management
    >   > > > Type: Success
    >   > > > Event ID: 642
    >   > > > User: Everyone
    >   > > > Computer: DC
    >   > > > Description:
    >   > > > User Account Changed:
    >   > > > Account Locked.
    >   > > > Target Account Name: vnd_bruno
    >   > > > Target Domain: BRAZIL
    >   > > > Target Account ID:
    > BRAZILvnd_bruno
    >   > > > Caller User Name: DC02SRV$
    >   > > > Caller Domain: BRAZIL
    >   > > > Caller Logon ID: (0x0,0x3E7)
    >   > > > Privileges: -
    >   > > >
    >   > > > Source: Security
    >   > > > Category: Account Management
    >   > > > Type: Success
    >   > > > Event ID: 644
    >   > > > User: Everyone
    >   > > > Computer: DC
    >   > > > Description:
    >   > > > User Account Locked Out:
    >   > > > Target Account Name: XXXXXX
    >   > > > Target Account ID: DOMAINXXXXXX
    >   > > > Caller Machine Name: \XXXXXXX
    >   > > > Caller User Name: DC$
    >   > > > Caller Domain: DOMAIN
    >   > > > Caller Logon ID: (0x0,0x3E7)
    >   > > >
    >   > > > It appears as although the users use its
    > right credentials, the
    > accounts
    >  > > are
    >   > > > being locked by the system.
    >   > > >
    >   > > > I have checked lots of things and already
    > tried: installing and
    >  > > uninstalling
    >   > > > DSClient on the 98 workstations; allowed
    > anything on the LAN Manager
    >   > > > Authentication Level in Security Options in
    > the Domain Security
    > Police;
    >   > > > edited the users account properties in
    > Active Directory to check "Do
    > not
    >   > > > require Kerberos preauthentication"; checked
    > to make sure users were
    >  > > logging
    >   > > > in the domain and not in the Windows 98
    > workstation; but nothing
    > worked so
    >   > > > far, accounts are still being locked out
    > randomly.
    >   > > >
    >   > > > Can anyone help me?
    >   > > >
    >   > > > Thanks in advance.
    >  > >
    >  > >
    >  > >

    Hi,

    First of all. Make sure you install the Active Directory Client on the
    Windows 9x boxes. It is on the Windows 2000 Server CD Rom.

    Second of all. Configure DHCP to automatically register non-dynamic
    clients in DNS. Right click DHCP Domain - properties - dns tab

    Third of all - Install a WINS Server. This is essential to non NT
    clients.

    Go to your DNS server and make sure all the Win 9x clients are there
    with the correct ip.

    That is a start.

    Cheers,

    Lara

    --
    http://www.WindowsForumz.com/ This article was posted by author's request
    Articles individually checked for conformance to usenet standards
    Topic URL: http://www.WindowsForumz.com/Active-Directory-Users-Win98-workstations-account-locked-Direct-ftopict243660.html
    Visit Topic URL to contact author (reg. req'd). Report abuse: http://www.WindowsForumz.com/eform.php?p=742530
Ask a new question

Read More

Workstations Active Directory Windows