Guest CHANGING FAIL OVER CLUSTER TO NLB Posted June 3, 2008 Posted June 3, 2008 Hello: Standalong Win2k3 applications server. Has both SQL 2000 and IIS server running. All latest updates applied including service packs. XP client tries to connect (more than likely through an application) which results in account lockout. I tried Network Monitor which does not provide info in clear text except confirming that there was an account lockout. Here is what I see in the event viewer-->security log: Logon Failure: Reason: Account locked out User Name: Userid1 Domain: Workstation1 Logon Type: 3 Logon Process: NtLmSsp Authentication Package: NTLM Workstation Name: Workstation1 Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 10.x.xx.xxx Source Port: 0 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. My question is how can I find out which offending application is passing wrong authentication credentials? Does Microsoft tools help me and if so, which is the right one (all our servers/clients are currently part of workgroup and not part of a domain)? Will appreciate your early clear input. Thanks! Regards, Victor
Guest Meinolf Weber Posted June 5, 2008 Posted June 5, 2008 Re: ACCOUNT LOCKOUT ISSUE Hello CHANGING FAIL OVER CLUSTER TO NLB, User1 is configured on all machines with the same password, i assume? So check that on all machines the same password is used. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hello: > > Standalong Win2k3 applications server. Has both SQL 2000 and IIS > server > running. All latest updates applied including service packs. XP client > tries > to connect (more than likely through an application) which results in > account > lockout. I tried Network Monitor which does not provide info in clear > text > except confirming that there was an account lockout. Here is what I > see in > the event viewer-->security log: > Logon Failure: > Reason: Account locked out > User Name: Userid1 > Domain: Workstation1 > Logon Type: 3 > Logon Process: NtLmSsp > Authentication Package: NTLM > Workstation Name: Workstation1 > Caller User Name: - > Caller Domain: - > Caller Logon ID: - > Caller Process ID: - > Transited Services: - > Source Network Address: 10.x.xx.xxx > Source Port: 0 > For more information, see Help and Support Center at > http://go.microsoft.com/fwlink/events.asp. > > My question is how can I find out which offending application is > passing wrong authentication credentials? Does Microsoft tools help me > and if so, which is the right one (all our servers/clients are > currently part of workgroup and not part of a domain)? > > Will appreciate your early clear input. Thanks! > > Regards, > > Victor >
Recommended Posts