AD Lockout Issue

Networking/Security Forums -> Exchange 2000 // 2003 // 2007 & Active Directory

Author: jcochran Posted: Mon Nov 16, 2009 6:36 pm    Post subject: AD Lockout Issue
    ----
I'm typically very good at tracking down account lockout issues, but this one is giving me a hard time.

Part of the problem is that the source/IP address is not listed in the event. The source workstation is "cisco", which more than likely has something to do with our wireless network. Lucky for me, our network team is outsourced and it's like pulling teeth getting help.

So where I'd like to start is understanding the event in generic terms. Is the event below simply related to pre-authentication or is it service related?

Event Type: Failure Audit
Event Source: Security
Event Category: (9)
Event ID: 680
Date: 11/16/2009
Time: 9:14:33 AM
User: NT AUTHORITY\SYSTEM
Computer: DomainController
Description:
Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: XXXXXX
Source Workstation: CISCO
Error Code: 0xC000006A

Author: espro Posted: Thu Mar 04, 2010 9:36 am    Post subject: same problem here
    ----
I have the same problem... but mine is also sometimes accompanied by a blank "Source Workstation" for the same logon account.
Could some kind of Cisco hardware cause this?

Thank you,

espro

Author: jcochran Posted: Thu Mar 04, 2010 7:20 pm    Post subject:
    ----
I was able to resolve this, but I don't know if the same will apply to your network/environment.

We use a Cisco VPN solution. When clients connect to the Cisco VPN solution, their computer name is masked and replaced with "CISCO".

I had one of our network engineers look at the logs for the same time the lockout happened and they easily determined the offending IP address and "real" computer name of the system.

Once I had the actual system name, I was able to resolve the issue through normal account lockout troubleshooting.
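
The correlation described in this post, as an added example that is not part of the original thread: a text-exported event 680 is matched against VPN session records by account name and time to recover the masked client. The VPN log line format, the account name jdoe, the host names and the addresses are constructed for illustration, and the look-back window is an assumption. Error code 0xC000006A in the event is the NTSTATUS value for a wrong password.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: event 680 fields in the layout shown in the first post.
EVENT_680 = """Event ID: 680
Date: 11/16/2009
Time: 9:14:33 AM
Logon account: jdoe
Source Workstation: CISCO
Error Code: 0xC000006A"""

# Constructed VPN session log; this line format is hypothetical, not a vendor format.
VPN_LOG = """2009-11-16 08:02:10 user=asmith assigned_ip=10.8.0.21 client_host=LAPTOP-114
2009-11-16 09:01:47 user=jdoe assigned_ip=10.8.0.37 client_host=LAPTOP-207
2009-11-16 09:40:05 user=jdoe assigned_ip=10.8.0.52 client_host=HOME-PC-3"""

def parse_event_680(text):
    """Return the 'Name: value' fields of the event plus a parsed timestamp."""
    pairs = re.findall(r"^([^:\n]+):[ \t]*(.*)$", text, re.M)
    fields = {k.strip(): v.strip() for k, v in pairs}
    fields["when"] = datetime.strptime(
        fields["Date"] + " " + fields["Time"], "%m/%d/%Y %I:%M:%S %p")
    return fields

def parse_vpn_log(text):
    """Parse the constructed VPN log into session records."""
    pattern = r"(\S+ \S+) user=(\S+) assigned_ip=(\S+) client_host=(\S+)"
    rows = []
    for line in text.splitlines():
        m = re.match(pattern, line)
        if m:
            rows.append({"start": datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"),
                         "user": m.group(2), "ip": m.group(3), "host": m.group(4)})
    return rows

def unmask_source(event, sessions, window=timedelta(hours=8)):
    """Latest session for the account that started within `window` before the failure."""
    account = event["Logon account"].lower()
    hits = [s for s in sessions
            if s["user"].lower() == account
            and timedelta(0) <= event["when"] - s["start"] <= window]
    return max(hits, key=lambda s: s["start"]) if hits else None

if __name__ == "__main__":
    print(unmask_source(parse_event_680(EVENT_680), parse_vpn_log(VPN_LOG)))
```

Sessions that start after the failure are excluded, so a later login by the same account from a different machine is not blamed for the earlier bad password.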

Author: jcochran Posted: Thu Sep 08, 2011 9:05 pm    Post subject:
    ----
I'm not sure you read the post correctly. The problem was identifying the workstation name and IP address. They were being masked by a VPN concentrator. Once I had the IP address, I was able to resolve the lockout.



All times are GMT + 2 Hours