我有用户谁的帐户正在保持锁定每30分钟.完成所有检查,删除任何缓存密码,创建新的配置文件,从IE删除密码.
检查20台服务器后,我发现他们是服务运行,导致他的帐户锁定我想.
675,AUDIT FAILURE,Security,Thu Dec 16 07:54:04 2010,NT AUTHORITY\SYSTEM,Pre-authentication Failed: User Name: userid User ID: %{id} Service Name: krbtgt/DOMAIN Pre-Authentication Type: 0x2 Failure Code: 0x12 Client Address: IP address
有谁知道这是什么
krbtgt/DOMAIN Key Distribution Center Service Account
有些人可以向我解释一下为什么会发生这种情况,以及我如何解决这个问题.
675,Fri Dec 24 09:13:01 2010,Pre-authentication Failed: User Name: user_id User ID: %{id} Service Name: krbtgt/Domain Pre-Authentication Type: 0x2 Failure Code: 0x12 Client Address: 172.16.5.1 675,Fri Dec 24 08:49:06 2010,Pre-authentication Failed: User Name: user_id User ID: %{id} Service Name: krbtgt/Domain Pre-Authentication Type: 0x2 Failure Code: 0x12 Client Address: 172.16.5.102 644,AUDIT SUCCESS,User Account Locked Out: Target Account Name: user_id Target Account ID: %{id} Caller Machine Name: UKNML3266 Caller User Name: LONDON$ Caller Domain: Domain Caller logon ID: (0x0,0x3E7) 675,Pre-authentication Failed: User Name: user_id User ID: %{id} Service Name: krbtgt/Domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 172.16.5.102 675,Fri Dec 24 08:46:28 2010,Pre-authentication Failed: User Name: user_id User ID: %{id} Service Name: krbtgt/Domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 172.16.5.8 675,Pre-authentication Failed: User Name: user_id User ID: %{id} Service Name: krbtgt/Domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 172.16.5.8 c:\sc0472\LONDON-Security_LOG.txt contains 8 parsed events.
从
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/e1ef04fa-6aea-47fe-9392-45929239bd68尝试这个解决方案
Microsoft Support found the problem for us. Our domain accounts were
locking when a Windows 7 computer was started. The Windows 7 computer
had a hidden old password from that domain account. There are
passwords that can be stored in the SYSTEM context that can’t be seen
in the normal Credential Manager view.Download @H_404_27@PsExec.exe from 07001 and copy
it to @H_404_27@C:\Windows\System32.From a command prompt run: @H_404_27@psexec -i -s -d cmd.exe
From the new DOS window run: @H_404_27@rundll32 keymgr.dll,KRShowKeyMgr
Remove any items that appear in the list of Stored User Names and Passwords. Restart the computer.
