I faced the same issue last week.  We were unable to determine the cause of the 
mysterious attempts to lock out the domain admin administrator account.  There 
were no services or scheduled tasks that used that account and even using 
"rundll32 keymgr.dll,KRShowKeyMgr" showed no cached credentials on any of the 
computers.

The DC's security event logs are being flooded with 0x12 and 0x18 errors for 
event IDs 675 and 680.

I am interested in also seeing what the list suggests for tracking this down.

Thanks


Webster

From: [email protected] [mailto:[email protected]] On 
Behalf Of David McSpadden
Sent: Tuesday, September 10, 2013 9:25 AM
To: [email protected]
Subject: [NTSysADM] Logon sniffing tool

My machine is trying and failing to log into the domain about every 6 minutes.
What tool can I use to find the process, service, or program that is attempting 
to log in with a bad password?
Windows 8 64 bit failing with a 2008 AD.
Event id 675 code 0x18


Thank you

David W. McSpadden

Begin Planning
Arrange for Reconnaissance and Coordination
Make Reconnaissance
Complete Plan
Issue Order
Supervise

