Hello,
I seems to have some Kerberos authentication issues.
Issue 1
I have a couple of accounts on the domain and one of them recently started locking. I've used the lockoustatus app to monitor the status of the account. Every time i can see a bad password count going up, i check the logs on the DC and every time i can see the 4771 event for my account. What i don't understand though, is why in the "client address" filed i get the IP of the machine i logged into fine couple minutes ago... What is more after couple of minutes my accounts get locked... There isn't process/tasks/services running under my account.
Issue 2
I can see a lot of 4771 events reappearing about every 1-2 sec for 3 other users. The client address is the Exchange server (although i am not sure if this is relevant here). I asked each of them whether they have any problems and apparently everything seems to be working fine.
So, why is my account keep locking whether theirs are fine? I also enabled additional Kerberos logging, but dont see anything "new". Which Log should the additional logs appear?
Thank you,
Peter