Lockout accounts

[pjverweij]

My first post so lets see want i can learn.

Situation:
- WBT workstations
- 5 Citrix servers
- 1 File server also domaincontroller(VirtualMachine)
- 1 mailserver also an domaincontroller(VirtualMachine)

Accounts get lockout with the event on the fileserver: 675
This event shows the ip address of the citrix server where the user is logged on to.

The Citrix server gives 529, shows its logon process and is in this case 7064 and that relates to WINLOGON.

I have googled a lot but i can't find the solution to these lockouts.
I have the Microsoft lockout tools and used eventcombMT/alockout and run dcdiag. Also programs like kerbtray and MPS Reporting Tool for Directory Services & Security Support, but no luck for me.Also run a network monitor from Microsoft.

Users do not even know why/when they are locked because it happens even when they are not behind the computer.
These events only come up in worktime.

Can anybody help me try to solve this issue?

This week i will activate kerberos and netlogon logging

-------------------------------------------------------------------
Event ID's and there information:

FILESERVER:

Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 1-12-2008
Time: 12:04:32
User: NT AUTHORITY\SYSTEM
Computer: Fileserver-FS01
Description:
Pre-authentication failed:
User Name: kf
User ID: domain1\kf
Service Name: krbtgt/domain1
Pre-Authentication Type: 0x2
Failure Code: 0x18
Client Address: 172.168.207.52

CITRIXSERVER, Dutch version of windows 2003, translated a bit:

Type gebeurtenis: Failed
Bron van gebeurtenis: Security
Categorie van gebeurtenis: logon/logoff
Event-id 529
Date: 1-12-2008
Time: 12:04:32
User: NT AUTHORITY\SYSTEM
Computer: citrixserver-CTX03
Description:
Aanmeldingsfout:
Cause: unknown username or password username: kf
Domein: Domain1
logontype: 7 ==> Unlock type
logonproces: User32
Verificatiepakket: Negotiate
Name workstation: Citrixserver-CTX03
username caller: Citrixserver-CTX03$
Domein callerr: Domain1
Aanmeldings-id aanroeper: (0x0,0x3E7)
Proces-id caller: 7040 ==> This is WINLOGON Doorgezette services: -
Networkaddress source: 172.168.207.75 address of terminal WBT client
Poort van source: 1039

[bendewit]

Are all machine domain members? Are the domain controllers all VM's?

Yes all server computers are in the same domain, we only have 1 domain, WBT stations login as a citrix client and go futher to work on one of the servers.
It's also true that all domain controllers are virtual server VMware machines.
The fileserver is the PDC.
The citrix servers are not virtual, these are racket servers.

I will have a look at terminal clients , but logging on can always be done(Wyse clients) and they show up in the citrix and Active directory enviroment.
I also have looked at stored credentials at the citrix server: Stored password and user information but this is not for clients.

The WBT terminals are getting an ip address from the file server, from there the ica client will connect the citrix farm. The farm will look at the server who are available so the user can logon to one who has the most rescources left.

The WBT stations are not in the domain they just getting a ip address with from the dhcp server. The citrix servers where they logon to are in the domain.

I have a Windows 2003 Xenapp 5 setup. When I open an ICA session to a server the published application will start, but every launch will log 2 bad password attempts at the Windows 2008 Domain Controller. My account will get locked out after 5 logons (policy is set to 10 bad pwd attempts).

We use Kerberos Passthrough authentication as well. We have a ticket open at Citrix support, but they don't have a clue for the moment.

It is very important for me to get this resolved within the coming week.

[jfd7000]

We have the exact same issue and i cannot find anything on the web. Did citrix ever get back to you and did you ever get this resolved?

I am having the same issue as the member who posted before me.

I am asking the member if Citrix ever replied to the call that was raised by them.

I will explain the problem I am having.

We have 3 Citrix XenApp 5 Servers with latest updates on our domain with Windows 2003 x64 SP2 R2 Standard installed.

Our domain comprises of 3 Domain controllers with Windows 2003 Standard SP2 installed.

I have published some applications.

The user is using version 11 of the Citrix Client.

I have placed .ica files on the users desktops.

The problem is when the user launches the app they are able to log in but the account is locked out instantley.

As they use roaming profiles they do not have access to the profile share.

My main problem is why the accounts are locking out.

People have posted on various forums that this is happening to them but no one seems to have sorted it?

One of the members said that they reported this to Citrix but did Citrix get to the bottom of it?

please describe in detail the problem you have including
the OS version(SP/patch level) also with error messages or complete event
viewer errors.

I have to agree with Meinolf, you should open a new thread but see the link
below.

Select User Account Lockout Troubleshooting