Nick wrote:
> I've done everything I can think of trying to locate the problem.
> The server shows the same log; that's how I found the offending workstation.
>
> Here is the event from the WinXP workstation with auditing failed
> events.
>
> Logon Failure:
> Reason: Unknown user name or bad password
> User Name: "user name"
> Domain: "Domain"
> Logon Type: 3
> Logon Process: NtLmSsp
> Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
> Workstation Name: "Server name"
>
> More Info:
> If I turn off the "server" service the failed logons stop and my
> domain account does not lock out. Server Service is configured to
> start under the local system account.
>
> I have scanned this workstation for malware using Kaspersky, Combofix
> and Spybot.
>
> SBS2008, mixed Win XP and 7 clients, Kaspersky Antivirus

Check for saved passwords for the account (Control Panel > User
Accounts > Advanced tab > Manage Passwords) on the workstation (you
need to be logged in with the account in question).

I've seen cases where users manage to get their own domain account into
this list with a password that has subsequently expired.
--
Steve Foster
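Tallying the failure events by source, which is how the offending workstation was found in this thread, can be scripted. The following is an added example, not part of the original posts; it assumes the failure events have been exported as plain text in the field layout quoted above, and the user, domain and workstation names are constructed.

```python
import re
from collections import Counter

# Field layout taken from the event quoted in the thread; all values are constructed.
TEMPLATE = """Logon Failure:
    Reason: Unknown user name or bad password
    User Name: {user}
    Domain: EXAMPLE
    Logon Type: 3
    Logon Process: NtLmSsp
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Workstation Name: {ws}
"""
# Constructed export: three failures from one machine, one stray failure from another.
SAMPLE = "\n".join([
    TEMPLATE.format(user="nick", ws="XP-WS07"),
    TEMPLATE.format(user="Nick", ws="xp-ws07"),
    TEMPLATE.format(user="nick", ws="XP-WS07"),
    TEMPLATE.format(user="nick", ws="XP-WS02"),
])

# Windows logon type codes; type 3 means the credentials arrived over the network.
LOGON_TYPES = {"2": "interactive", "3": "network", "4": "batch", "5": "service"}
FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_failures(text):
    """Split a text export into one dict of fields per 'Logon Failure:' record."""
    records, current = [], None
    for line in text.splitlines():
        if line.strip() == "Logon Failure:":
            current = {}
            records.append(current)
            continue
        m = FIELD.match(line)
        if m and current is not None:
            # Strip the quotes used around redacted values in the thread.
            current[m.group(1).strip()] = m.group(2).strip().strip('"')
    return records

def lockout_sources(records, threshold=2):
    """Return (user, workstation, logon type, count) for repeated failures, busiest first."""
    counts = Counter(
        (r.get("User Name", "").lower(), r.get("Workstation Name", "").upper(),
         r.get("Logon Type", "?"))
        for r in records
    )
    return [(u, w, LOGON_TYPES.get(t, "type " + t), n)
            for (u, w, t), n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for row in lockout_sources(parse_failures(SAMPLE)):
        print(row)
```

A workstation that keeps appearing with logon type 3 for the same account is the one to check for saved passwords as described above.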