You can use wmic.exe to find most info about your
services.
Regards,
/Jimmy
------------------------------------- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Sent: Thursday, October 09, 2003 1:01 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] account lockout troubleshooting Check
for any services that are possibly running in the context of the user (either
services.msc or if you want command line check out svcutil at www.joeware.net with the viewx
option)
F:\Dev\cpp\SvcUtil>svcutil . viewx
SvcUtil V02.03.00cpp Joe Richards ([EMAIL PROTECTED])
May 2003
-------------------------------------------------
Service list for LocalHost ------------------------------------------------- Alerter Alerter stopped MANUAL NT AUTHORITY\LocalService ALG Application Layer Gateway Service stopped MANUAL NT AUTHORITY\LocalService AppMgmt Application Management stopped MANUAL LocalSystem ATI Smart ATI Smart stopped AUTO LocalSystem AudioSrv Windows Audio running AUTO LocalSystem BITS Background Intelligent Transfer Service running MANUAL LocalSystem Browser Computer Browser running AUTO LocalSystem cisvc Indexing Service stopped MANUAL LocalSystem ClipSrv ClipBook stopped MANUAL LocalSystem COMSysApp COM+ System Application stopped MANUAL LocalSystem <SNIP>
Also
check for any MTS/COM+ objects that are set up to authenticate as the user.
Sorry don't have a command line tool I am aware of to do
that.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Wednesday, October 08, 2003 4:37 PM To: [EMAIL PROTECTED] Thanks everyone…I appreciate the excellent suggestions. I’ll post whether or not Microsoft’s solution (DS Client) is successful in the next day or two.
<mc> -----Original
Message-----
I've seen this, as Mike said, with persistent drives mapped. Also with scheduled tasks using an old password.
Hunter
From:
Creamer, Mark
[mailto:[EMAIL PROTECTED] Yep, one is the PDCE. That would explain the same event at the same time on 2 DCs. But here's the strange thing. The users log on successfully. They work with no problem for a while with apps running like Outlook (to Exchange 2000), IE, open Office files on a file server, etc. Suddenly they can't work anymore - again, just as if someone else was locking out the account. But the events are coming from the user's own PC only.
<mc> -----Original
Message-----
Is one of the DCs your PDC emulator? Normally, if a user attempts to authenticate to a DC with an incorrect password (error code 3221225578), that DC will redirect the authentication to the PDC emulator for an "authoratative" response. This covers the case where a user's password has changed but not fully replicated to all DCs. The PDC emulator would know about the change, so checking there would validate the login attempt or reject it if appropriate.
Hunter
From:
Creamer, Mark
[mailto:[EMAIL PROTECTED] Hi folks, I have been trying to troubleshoot some lockout events. In every case, the event originates on the user's own workstation (not some other user). There are no associated file object failures on the primary file server. It seems like it is application-based, but I can't nail it down. I've been using Microsoft's AL tools, including EventCombMT, but I can't use the acctinfo.dll because the clients are Win9x.
Today I noticed for the first time that on 2 DCs, the exact same 5 login failures occurred (one example follows):
681,AUDIT FAILURE,Security,Tue Oct 07 13:13:38 2003,NT AUTHORITY\SYSTEM,The logon to account: MYUSER by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 from workstation: \\HIS_PC failed. The error code was: 3221225578
I was concerned that I didn't think it is normal that 2 DCs would log the same 5 logon failures at exactly the same times. What do you think?
Thanks,
Mark
Creamer
|
- RE: [ActiveDir] account lockout troubleshooting Thommes, Michael M.
- RE: [ActiveDir] account lockout troubleshooting Creamer, Mark
- RE: [ActiveDir] account lockout troubleshooting Free, Bob
- RE: [ActiveDir] account lockout troubleshooting Coleman, Hunter
- RE: [ActiveDir] account lockout troubleshooting george.arezina
- RE: [ActiveDir] account lockout troubleshooting Creamer, Mark
- RE: [ActiveDir] account lockout troubleshooting Bridges, Samantha
- RE: [ActiveDir] account lockout troubleshooting Creamer, Mark
- RE: [ActiveDir] account lockout troubleshooting Creamer, Mark
- RE: [ActiveDir] account lockout troubleshooting Humberd Greg
- Re: [ActiveDir] account lockout troubleshooting Mahaveer Saraswat
- RE: [ActiveDir] account lockout troubleshooting Bridges, Samantha
- RE: [ActiveDir] account lockout troubleshooting Creamer, Mark
- RE: [ActiveDir] account lockout troubleshooting Comeau, Steven
- RE: [ActiveDir] account lockout troubleshooting Bridges, Samantha
- RE: [ActiveDir] account lockout troubleshooting Michael_Parent
- RE: [ActiveDir] account lockout troubleshooting Free, Bob