ACCOUNT LOCKOUT ISSUE

[Guest CHANGING FAIL OVER CLUSTER TO NLB]

Hello:

 

Standalong Win2k3 applications server. Has both SQL 2000 and IIS server

running. All latest updates applied including service packs. XP client tries

to connect (more than likely through an application) which results in account

lockout. I tried Network Monitor which does not provide info in clear text

except confirming that there was an account lockout. Here is what I see in

the event viewer-->security log:

Logon Failure:

Reason: Account locked out

User Name: Userid1

Domain: Workstation1

Logon Type: 3

Logon Process: NtLmSsp

Authentication Package: NTLM

Workstation Name: Workstation1

Caller User Name: -

Caller Domain: -

Caller Logon ID: -

Caller Process ID: -

Transited Services: -

Source Network Address: 10.x.xx.xxx

Source Port: 0

 

For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

My question is how can I find out which offending application is passing

wrong authentication credentials? Does Microsoft tools help me and if so,

which is the right one (all our servers/clients are currently part of

workgroup and not part of a domain)?

 

Will appreciate your early clear input. Thanks!

 

Regards,

 

Victor

[Guest Meinolf Weber]

Re: ACCOUNT LOCKOUT ISSUE

 

Hello CHANGING FAIL OVER CLUSTER TO NLB,

 

User1 is configured on all machines with the same password, i assume? So

check that on all machines the same password is used.

 

Best regards

 

Meinolf Weber

Disclaimer: This posting is provided "AS IS" with no warranties, and confers

no rights.

** Please do NOT email, only reply to Newsgroups

** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello:

>

> Standalong Win2k3 applications server. Has both SQL 2000 and IIS

> server

> running. All latest updates applied including service packs. XP client

> tries

> to connect (more than likely through an application) which results in

> account

> lockout. I tried Network Monitor which does not provide info in clear

> text

> except confirming that there was an account lockout. Here is what I

> see in

> the event viewer-->security log:

> Logon Failure:

> Reason: Account locked out

> User Name: Userid1

> Domain: Workstation1

> Logon Type: 3

> Logon Process: NtLmSsp

> Authentication Package: NTLM

> Workstation Name: Workstation1

> Caller User Name: -

> Caller Domain: -

> Caller Logon ID: -

> Caller Process ID: -

> Transited Services: -

> Source Network Address: 10.x.xx.xxx

> Source Port: 0

> For more information, see Help and Support Center at

> http://go.microsoft.com/fwlink/events.asp.

>

> My question is how can I find out which offending application is

> passing wrong authentication credentials? Does Microsoft tools help me

> and if so, which is the right one (all our servers/clients are

> currently part of workgroup and not part of a domain)?

>

> Will appreciate your early clear input. Thanks!

>

> Regards,

>

> Victor

>