Can someone help me with this? Over the last few weeks, a user's account is constantly getting locked out, without them trying to log on.
I wanted to begin to find out where the login attempts are originating. In the Event I see Network Information:
Client Address: ::ffff:192.168.x.x
Client Port: 4889
Well, this address happens to be one of our domain controllers. Can anyone help me understand if this domain controller (which is a backup DC, not FSMO roles) is taking part in the lockout? The user's password has not been changed in a few weeks.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 3/23/2011 9:58:35 AM
Event ID: 4771
Task Category: Kerberos Authentication Service
Level: Information
Keywords: Audit Failure
Description:
Kerberos pre-authentication failed.