Thanks, I'll have our DBA give that a try and let you know how it goes. 

Is it correct that these failed logons wouldn't show up in the DC's
security logs if I'm auditing logon failures?

 

 

...Tim

 

From: David W. McSpadden [mailto:[EMAIL PROTECTED] 
Sent: Thursday, May 15, 2008 9:55 AM
To: NT System Admin Issues
Subject: Re: account lockout

 

Run a SQL profiler trace and audit log on's for that account.

You can even audit log on failures.  This should give you the process
that is screwing you up.

        ----- Original Message ----- 

        From: Tim Evans <mailto:[EMAIL PROTECTED]>  

        To: NT System Admin Issues
<mailto:[email protected]>  

        Sent: Thursday, May 15, 2008 12:49 PM

        Subject: RE: account lockout

         

        BTW, Its Windows 2003 server Forest and Domain functional level

         

         

        ...Tim

         

        From: Tim Evans [mailto:[EMAIL PROTECTED] 
        Sent: Thursday, May 15, 2008 9:45 AM
        To: NT System Admin Issues
        Subject: account lockout

         

        We've got  a domain service account that is repeatedly getting
locked out, but I'm not getting any 644 or 529 events in the DC security
logs for that account. I've also run the built in Account Lockouts
search in EventCombNT and come up empty. I'm pretty sure it is some kind
of a scheduled job that is doing it, but finding it is proving
challenging. If it helps any, it's a SQL Server service account and it
runs many SQL queries.

         

        Any ideas how I can find what is locking out this account?

         

        Tim Evans
        Associate, IT Manager

        S P A R L I N G 

        
        206/667-0509-Direct

        www.sparling.com <http://www.sparling.com> 

         

         

         

         
        
        
        
        
        
        ______________________________________________________
        
        
        
        
        
        
        
        
        
        This e-mail and any files transmitted with it are property of
Indiana Members Credit Union, are confidential, and are intended solely
for the use of the individual or entity to whom this e-mail is
addressed. If you are not one of the named recipient(s) or otherwise
have reason to believe that you have received this message in error,
please notify the sender and delete this message immediately from your
computer. Any other use, retention, dissemination, forwarding, printing,
or copying of this email is strictly prohibited.
        
        
        
        
        
        
        
        
        
        This email has been scanned by the MessageLabs Email Security
System.
        
        
        
        
        For more information please visit
http://www.messagelabs.com/email 
        
        
        
        
        
______________________________________________________________________
        
        
        
        
         
         
         

 

 

~ Upgrade to Next Generation Antispam/Antivirus with Ninja!    ~
~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm>  ~

Reply via email to