ACCOUNT LOCKOUT ISSUE

  • Thread starter Thread starter CHANGING FAIL OVER CLUSTER TO NLB
  • Start date Start date
C

CHANGING FAIL OVER CLUSTER TO NLB

Guest
Hello:

Standalong Win2k3 applications server. Has both SQL 2000 and IIS server
running. All latest updates applied including service packs. XP client tries
to connect (more than likely through an application) which results in account
lockout. I tried Network Monitor which does not provide info in clear text
except confirming that there was an account lockout. Here is what I see in
the event viewer-->security log:
Logon Failure:
Reason: Account locked out
User Name: Userid1
Domain: Workstation1
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: Workstation1
Caller User Name: -
Caller Domain: -
Caller Logon ID: -
Caller Process ID: -
Transited Services: -
Source Network Address: 10.x.xx.xxx
Source Port: 0

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

My question is how can I find out which offending application is passing
wrong authentication credentials? Does Microsoft tools help me and if so,
which is the right one (all our servers/clients are currently part of
workgroup and not part of a domain)?

Will appreciate your early clear input. Thanks!

Regards,

Victor
 
Re: ACCOUNT LOCKOUT ISSUE

Hello CHANGING FAIL OVER CLUSTER TO NLB,

User1 is configured on all machines with the same password, i assume? So
check that on all machines the same password is used.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello:
>
> Standalong Win2k3 applications server. Has both SQL 2000 and IIS
> server
> running. All latest updates applied including service packs. XP client
> tries
> to connect (more than likely through an application) which results in
> account
> lockout. I tried Network Monitor which does not provide info in clear
> text
> except confirming that there was an account lockout. Here is what I
> see in
> the event viewer-->security log:
> Logon Failure:
> Reason: Account locked out
> User Name: Userid1
> Domain: Workstation1
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: NTLM
> Workstation Name: Workstation1
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 10.x.xx.xxx
> Source Port: 0
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> My question is how can I find out which offending application is
> passing wrong authentication credentials? Does Microsoft tools help me
> and if so, which is the right one (all our servers/clients are
> currently part of workgroup and not part of a domain)?
>
> Will appreciate your early clear input. Thanks!
>
> Regards,
>
> Victor
>
 
Back
Top