Guest Yoh Posted July 13, 2008 Posted July 13, 2008 How to trace terminal server client problem login? Our environment is NT 4 domain + Windows 2003 Terminal Servers. Login logging already enabled in NT 4 domain, but I can't found any bad password login in NT 4 event log; and only found account locked out event log. thanks
Guest jolteroli Posted July 13, 2008 Posted July 13, 2008 Re: How to trace terminal server client problem login? > Our environment is NT 4 domain + Windows 2003 Terminal Servers. Login > logging already enabled in NT 4 domain, but I can't found any bad password > login in NT 4 event log; and only found account locked out event log. Maybe authentification takes place at the terminal server. -jolt
Guest Vera Noest [MVP] Posted July 13, 2008 Posted July 13, 2008 Re: How to trace terminal server client problem login? "jolteroli" <jolt1976@gmx.net> wrote on 13 jul 2008 in microsoft.public.windows.terminal_services: >> Our environment is NT 4 domain + Windows 2003 Terminal Servers. >> Login logging already enabled in NT 4 domain, but I can't found >> any bad password login in NT 4 event log; and only found >> account locked out event log. > > Maybe authentification takes place at the terminal server. > > -jolt This frequently happens when users have saved their password in the rdp client on their workstation. After a password change, the rdp client still contains the old password. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___
Guest Yoh Posted July 14, 2008 Posted July 14, 2008 Re: How to trace terminal server client problem login? I glad to received your reply. I had created dummy account & enabled password never expired for TS user account. And all user login to TS by hardcoded RDP file. So I think we can ignore user wrong password mistake in this case. On the other hand, I has been check security event log in all domain controllers and all terminal servers. But I can't found any bad password login. Please help to solve this issue. Thanks, "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote in message news:Xns9ADAF230F69B6veranoesthemutforsse@207.46.248.16... > "jolteroli" <jolt1976@gmx.net> wrote on 13 jul 2008 in > microsoft.public.windows.terminal_services: > >>> Our environment is NT 4 domain + Windows 2003 Terminal Servers. >>> Login logging already enabled in NT 4 domain, but I can't found >>> any bad password login in NT 4 event log; and only found >>> account locked out event log. >> >> Maybe authentification takes place at the terminal server. >> >> -jolt > > This frequently happens when users have saved their password in the > rdp client on their workstation. After a password change, the rdp > client still contains the old password. > _________________________________________________________ > Vera Noest > MCSE, CCEA, Microsoft MVP - Terminal Server > TS troubleshooting: http://ts.veranoest.net > ___ please respond in newsgroup, NOT by private email ___
Guest Vera Noest [MVP] Posted July 14, 2008 Posted July 14, 2008 Re: How to trace terminal server client problem login? Mmm, it's strange that you can't find the events, I don''t know how to explain that, assuming that auditing is enabled for all secuirty events. Once the users are logged in, can they connect to a shared network folder on another server? Or maybe the C: drive on their own workstation? If someone configured such a network connection to be restored automatically upon every logon, and the connection needs a password (which is private to a single user), that could also cause the account to lockout. _________________________________________________________ Vera Noest MCSE, CCEA, Microsoft MVP - Terminal Server TS troubleshooting: http://ts.veranoest.net ___ please respond in newsgroup, NOT by private email ___ "Yoh" <yohtree@hotmail.com> wrote on 14 jul 2008 in microsoft.public.windows.terminal_services: > I glad to received your reply. I had created dummy account & > enabled password never expired for TS user account. And all user > login to TS by hardcoded RDP file. So I think we can ignore user > wrong password mistake in this case. > > On the other hand, I has been check security event log in all > domain controllers and all terminal servers. But I can't found > any bad password login. > > Please help to solve this issue. > > Thanks, > > > "Vera Noest [MVP]" <vera.noest@remove-this.hem.utfors.se> wrote > in message > news:Xns9ADAF230F69B6veranoesthemutforsse@207.46.248.16... >> "jolteroli" <jolt1976@gmx.net> wrote on 13 jul 2008 in >> microsoft.public.windows.terminal_services: >> >>>> Our environment is NT 4 domain + Windows 2003 Terminal >>>> Servers. Login logging already enabled in NT 4 domain, but I >>>> can't found any bad password login in NT 4 event log; and >>>> only found account locked out event log. >>> >>> Maybe authentification takes place at the terminal server. >>> >>> -jolt >> >> This frequently happens when users have saved their password in >> the rdp client on their workstation. After a password change, >> the rdp client still contains the old password. >> _________________________________________________________ >> Vera Noest >> MCSE, CCEA, Microsoft MVP - Terminal Server >> TS troubleshooting: http://ts.veranoest.net >> ___ please respond in newsgroup, NOT by private email ___
Recommended Posts