Hello all,
Since a few months, I'm constantly getting my account (which has admin rights) locked out in Active Directory. When looking in the event viewer of the DC's, it seems to be caused by pre-authentication failures with my user originating from multiple machines. The constant seems to be that they are all Windows 7 Pro SP1 machines that I have configured. (All copied from the same image). Also, it started when I changed my password. So, logically, it must be stored somewhere in Windows 7 and not be updated.
The failure is:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 675
Date: 15/03/2012
Time: 16:05:24
User: NT AUTHORITY\SYSTEM
Computer: [DC_Name]
Description:
Pre-authentication failed:
User Name: my_user
User ID: DOMAIN\my_user
Service Name: krbtgt/[DOMAIN]
Pre-Authentication Type: 0x0
Failure Code: 0x19
Client Address: [CLIENT_IP_ADDRESS]
At first glance, these seem to occur at completely random moments and intervals.
I have already tried analyzing it with EventCombMT and LockOutStatus tools.
Thanks for any hints that help me solve this annoying problem.
Brgds,
CZ
Bookmarks