Sign in with
Sign up | Sign in
Your question

change administrator password

Tags:
Last response: in Windows 2000/NT
Share
September 16, 2004 3:40:14 PM

Archived from groups: microsoft.public.win2000.security (More info?)

We have 2 domaincontrollers with Windows 2000 Server SP3.
Since I changed the administrator password, I get a lot of these events in
the Security Event Viewer (see below).

Is it possible that some processes or programs still try to use the old
password?
Is there a procedure to follow when changing the administrator password,
just to be sure that the new password is transfered to all processes on all
the DC's.
I also have some PC's which are used p.e. as printserver or antivirus
updateserver, that start with the administrator password or wiht a user with
administrator priviliges. Is there a way to submit the new administrator
password to processes that run on such PC's?

I must say, all the programs that run on our servers : Exchange, Arcserve
Backup, F-Secure Antivirus, Progress Database,... seem to work fine.
So why all these event messages?

Kind regards,

Bob Goetschalckx


Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: out_domain\Administrator
Domain: NameOfDC
Logon Type: 3
Logon Process: Advapi
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Workstation Name: NameOfDC

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 681
Date: 10/09/2004
Time: 20:11:32
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
The logon to account: out_domain\Administrator
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: NameOfDC
failed. The error code was: 3221225572

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 10/09/2004
Time: 15:12:25
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: krbtgt/our_domain
Ticket Options: 0x2
Failure Code: 0x20
Client Address: 127.0.0.1

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 529
Date: 10/09/2004
Time: 10:11:13
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Logon Failure:
Reason: Unknown user name or bad password
User Name: administrator
Domain: our_domain
Logon Type: 2
Logon Process: User32
Authentication Package: Negotiate
Workstation Name: NameOfDC


Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 677
Date: 16/09/2004
Time: 5:01:03
User: NT AUTHORITY\SYSTEM
Computer: NameOfDC
Description:
Service Ticket Request Failed:
User Name: NameOfDC$
User Domain: out_domain
Service Name: ldap/NameOfDC.our_domain.be
Ticket Options: 0x40810010
Failure Code: 0x6
Client Address: 127.0.0.1
Anonymous
September 16, 2004 7:13:30 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hi Bob,

It could be just about anything. E.g. network mapping that use old password
or scheduled jobs etc.

Here is tool from Microsoft that might be able to help you out figure out
what process is causing you these problems.

Account Lockout and Management Tools
http://www.microsoft.com/downloads/details.aspx?FamilyI...

I hope it helps,

Mike

"Bob" <bob@hotmeel.com> wrote in message
news:41495f7e$0$18552$ba620e4c@news.skynet.be...
> We have 2 domaincontrollers with Windows 2000 Server SP3.
> Since I changed the administrator password, I get a lot of these events in
> the Security Event Viewer (see below).
>
> Is it possible that some processes or programs still try to use the old
> password?
> Is there a procedure to follow when changing the administrator password,
> just to be sure that the new password is transfered to all processes on
all
> the DC's.
> I also have some PC's which are used p.e. as printserver or antivirus
> updateserver, that start with the administrator password or wiht a user
with
> administrator priviliges. Is there a way to submit the new administrator
> password to processes that run on such PC's?
>
> I must say, all the programs that run on our servers : Exchange, Arcserve
> Backup, F-Secure Antivirus, Progress Database,... seem to work fine.
> So why all these event messages?
>
> Kind regards,
>
> Bob Goetschalckx
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 10/09/2004
> Time: 20:11:32
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: out_domain\Administrator
> Domain: NameOfDC
> Logon Type: 3
> Logon Process: Advapi
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: NameOfDC
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 681
> Date: 10/09/2004
> Time: 20:11:32
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> The logon to account: out_domain\Administrator
> by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> from workstation: NameOfDC
> failed. The error code was: 3221225572
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 677
> Date: 10/09/2004
> Time: 15:12:25
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Service Ticket Request Failed:
> User Name: NameOfDC$
> User Domain: out_domain
> Service Name: krbtgt/our_domain
> Ticket Options: 0x2
> Failure Code: 0x20
> Client Address: 127.0.0.1
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Logon/Logoff
> Event ID: 529
> Date: 10/09/2004
> Time: 10:11:13
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: administrator
> Domain: our_domain
> Logon Type: 2
> Logon Process: User32
> Authentication Package: Negotiate
> Workstation Name: NameOfDC
>
>
> Event Type: Failure Audit
> Event Source: Security
> Event Category: Account Logon
> Event ID: 677
> Date: 16/09/2004
> Time: 5:01:03
> User: NT AUTHORITY\SYSTEM
> Computer: NameOfDC
> Description:
> Service Ticket Request Failed:
> User Name: NameOfDC$
> User Domain: out_domain
> Service Name: ldap/NameOfDC.our_domain.be
> Ticket Options: 0x40810010
> Failure Code: 0x6
> Client Address: 127.0.0.1
>
>
>
Related resources
!