Thanks for the info. Bruce
-----Original Message----- From: James R. Gregg [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 02, 2002 6:47 PM To: NT 2000 Discussions Subject: Re: Mysterious account locking Here is another reference which does indicate that there is a fix which can be obtained from MS Product Support. Please note that there is an exception clause, "This fix may receive additional testing at a later time, to further ensure product quality. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this fix." Check out - http://support.microsoft.com/default.aspx?scid=kb;en-us;Q263821 ----- Original Message ----- From: "James R. Gregg" <[EMAIL PROTECTED]> To: "NT 2000 Discussions" <[EMAIL PROTECTED]> Sent: Wednesday, January 02, 2002 7:33 PM Subject: Re: Mysterious account locking > Check out - http://support.microsoft.com/default.aspx?scid=kb;EN-US;q264678 > although I don't see the actual fix. > CAUSE > When the client attempts to authenticate the user with a resource, > Windows 2000 first uses the Kerberos authentication method. If the > Kerberos attempt > does not succeed, the client then tries the Windows NT > challenge/response > (NTLM) authentication protocol. Each of these methods presents the user's > credentials for authentication purposes. Therefore, if a user specifies an > incorrect password, the user's account is "charged" twice for one > authentication attempt. > > Netlogon logging tracks only NTLM authentication attempts. To track invalid > Kerberos logon attempts, you must use Kerberos logging. > > > > STATUS > Microsoft has confirmed this to be a problem in the Microsoft products that > are listed at the beginning of this article. > > > ----- Original Message ----- > From: "Linda Schlenker" <[EMAIL PROTECTED]> > To: "NT 2000 Discussions" <[EMAIL PROTECTED]> > Sent: Wednesday, January 02, 2002 1:48 PM > Subject: RE: Mysterious account locking > > > > something that is happening to us with Win2k is that there is a > > Kerberos authentication attempted "under the covers" that we aren't > > using yet. > This > > takes 1 of the password attempts - the best that we can figure. So > > if someone mistypes their passwords twice in a row - they fail > > before > finishing > > 3 attempt (our password limit is 5). > > > > > > -----Original Message----- > > From: Huot, Denyse [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 02, 2002 2:29 PM > > To: NT 2000 Discussions > > Subject: RE: Mysterious account locking > > > > > > We had a similar problem here and that was because the users would > > save their network passwords when they wanted to use any type of > > application which required them to login. An example would be ftp; > > the user would > have > > to login to the proxy and then login to the ftp site with which they > wanted > > to go to. Because users don't like remembering passwords, they > > would save > > their network login/pw so it would automagically login for them. So once > > their network password would expire, their accounts kept getting > > locked > out, > > and ftp wasn't working anymore for them. > > But the account locking didn't happen as soon as they changed their > password > > and tried to login, but it usually happened the same day they > > changed it. > > > > Hope this helps. > > > > Denyse > > > > > > -----Original Message----- > > From: Bruce Fyfe [mailto:[EMAIL PROTECTED]] > > Sent: Wednesday, January 02, 2002 2:42 PM > > To: NT 2000 Discussions > > Subject: Mysterious account locking > > > > After a user changes their password in a Win2K AD domain the acount > > gets locked when they try to log on with the new password. At first > > I though this was user error but it is happening every time. To > > correct it I have to disable then re-enable the account. Currently > > I have one domain controller. Any ideas? > > > > Bruce > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > > > ------ > > You are subscribed as [EMAIL PROTECTED] > > Archives: http://www.swynk.com/sitesearch/search.asp > > To unsubscribe send a blank email to > > [EMAIL PROTECTED] > > > > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [EMAIL PROTECTED] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED] ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
