| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
Rick
Guest
Posts: n/a
|
Sorry, I originally posted this in the wrong group...
Hi all, my admin account keeps getting locked out every time I reboot one of my servers (recently changed my password). I have no manually mapped drives, no cached login infor in keymgr.cpl and non of the services are configured to use my admin account. I also checked all object in DCOM and non use my account. Here's the alockout log: Thu Jan 25 12:36:55 2007, PID: 716, Thread: 720, Image winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:56 2007, PID: 768, Thread: 772, Image C:\WINDOWS\system32\services.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:56 2007, PID: 780, Thread: 784, Image C:\WINDOWS\system32\lsass.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1020, Thread: 1028, Image C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1072, Thread: 1080, Image C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1152, Thread: 1160, Image C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1168, Thread: 1172, Image C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1228, Thread: 1232, Image C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:58 2007, PID: 1304, Thread: 1308, Image C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:36:59 2007, PID: 1364, Thread: 1368, Image C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:05 2007, PID: 1704, Thread: 1708, Image C:\WINDOWS\system32\spoolsv.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:05 2007, PID: 1732, Thread: 1736, Image C:\WINDOWS\system32\msdtc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:07 2007, PID: 1924, Thread: 1928, Image C:\Program Files\compaq\cpqacuxe\Bin\hpacubin.exe,ALOCKOUT.DL L - DLL_PROCESS_ATTACH Thu Jan 25 12:37:07 2007, PID: 1984, Thread: 1988, Image C:\hp\hpsmh\data\cgi-bin\vcrepository\cpqsrhmo.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 2000, Thread: 2004, Image C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 2036, Thread: 2040, Image D:\program files\sav\Symantec AntiVirus\Symantec AntiVirus\DefWatch.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 308, Thread: 296, Image C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 336, Thread: 340, Image C:\WINDOWS\system32\grovel.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 436, Thread: 440, Image C:\Program Files\HP\Performance Management Pack 4\pmp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:08 2007, PID: 460, Thread: 464, Image C:\Program Files\HP\Performance Management Pack 4\PMPTools\pmptools.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 512, Thread: 412, Image C:\PROGRA~1\HP\SYSTEM~2\lbin\hpsimsvc.exe,ALOCKOUT .DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 556, Thread: 560, Image C:\Program Files\HP\Systems Insight Manager\lbin\mxdtf,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 564, Thread: 592, Image C:\Program Files\HP\HP Virtualization Management Software\bin\hpvmmsvc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 648, Thread: 652, Image C:\WINDOWS\system32\inetsrv\inetinfo.exe,ALOCKOUT. DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 676, Thread: 680, Image C:\WINDOWS\system32\cba\pds.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 932, Thread: 784, Image C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:09 2007, PID: 1284, Thread: 1256, Image C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe,ALOCKOUT.D LL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:10 2007, PID: 1592, Thread: 1596, Image C:\Program Files\Microsoft SQL Server\MSSQL$WSUS\Binn\sqlservr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:10 2007, PID: 1600, Thread: 924, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:10 2007, PID: 1696, Thread: 1700, Image ...\jrewindows\bin\hpvmmsvcj.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:11 2007, PID: 2088, Thread: 2092, Image C:\Program Files\HP\Systems Insight Manager\lbin\mxdomainmgr,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:13 2007, PID: 2248, Thread: 2252, Image D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE,ALOCKOUT. DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:13 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:14 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:17 2007, PID: 2548, Thread: 2556, Image d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:17 2007, PID: 2660, Thread: 2664, Image C:\PROGRA~1\POWERC~1\pcns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:24 2007, PID: 2872, Thread: 2876, Image ,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:24 2007, PID: 2960, Thread: 2964, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:25 2007, PID: 3048, Thread: 3052, Image c:\inetpub\wwwroot\SMSComponent\SMSRPH.exe,ALOCKOU T.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:25 2007, PID: 3100, Thread: 3108, Image C:\WINDOWS\System32\snmp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:26 2007, PID: 3152, Thread: 3156, Image D:\program files\sav\Symantec AntiVirus\Symantec AntiVirus\Rtvscan.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:26 2007, PID: 2912, Thread: 2988, Image C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:27 2007, PID: 3256, Thread: 3260, Image C:\hp\hpsmh\bin\smhstart.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:27 2007, PID: 2960, Thread: 3036, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:27 2007, PID: 3332, Thread: 3340, Image C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:28 2007, PID: 3344, Thread: 3352, Image C:\WINDOWS\system32\tftpd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:28 2007, PID: 3392, Thread: 3400, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:28 2007, PID: 3384, Thread: 3388, Image C:\Program Files\The Open Group\WMI Mapper\bin\WbemCons.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:28 2007, PID: 3584, Thread: 3588, Image C:\Program Files\RealVNC\VNC4\WinVNC4.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:28 2007, PID: 3624, Thread: 3628, Image C:\Program Files\The Open Group\WMI Mapper\bin\WMIServer.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:29 2007, PID: 3664, Thread: 3668, Image c:\program files\update services\service\bin\wsusservice.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:29 2007, PID: 3704, Thread: 3708, Image MsgSys.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:30 2007, PID: 3828, Thread: 3832, Image D:\SMS_CCM\CLICOMP\RemCtrl\Wuser32.exe,ALOCKOUT.DL L - DLL_PROCESS_ATTACH Thu Jan 25 12:37:30 2007, PID: 3876, Thread: 3880, Image C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:31 2007, PID: 3928, Thread: 3932, Image C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:31 2007, PID: 3940, Thread: 3944, Image C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:31 2007, PID: 3972, Thread: 3976, Image C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:31 2007, PID: 4008, Thread: 4012, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:31 2007, PID: 4016, Thread: 4020, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:32 2007, PID: 3392, Thread: 3540, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:32 2007, PID: 4048, Thread: 4056, Image C:\WINDOWS\system32\tcpsvcs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:32 2007, PID: 660, Thread: 964, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:32 2007, PID: 1000, Thread: 1328, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:33 2007, PID: 4092, Thread: 300, Image D:\SMS_CCM\CcmExec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:33 2007, PID: 1760, Thread: 1756, Image C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:34 2007, PID: 1588, Thread: 2240, Image C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe,ALOCKOUT .DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:34 2007, PID: 2352, Thread: 2356, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:34 2007, PID: 2244, Thread: 2232, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:34 2007, PID: 2464, Thread: 2340, Image C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe, ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:35 2007, PID: 2628, Thread: 2236, Image C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe, ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:35 2007, PID: 2692, Thread: 2696, Image C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:35 2007, PID: 2712, Thread: 2720, Image C:\WINDOWS\system32\ams_ii\hndlrsvc.exe,ALOCKOUT.D LL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:36 2007, PID: 4632, Thread: 4636, Image C:\WINDOWS\system32\ams_ii\iao.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:37 2007, PID: 4684, Thread: 4688, Image C:\WINDOWS\system32\cba\xfr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:39 2007, PID: 4832, Thread: 4836, Image C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:41 2007, PID: 4740, Thread: 4744, Image D:\SMS\bin\i386\smsexec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:42 2007, PID: 5144, Thread: 5148, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:42 2007, PID: 5232, Thread: 5236, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:42 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:43 2007, PID: 5264, Thread: 5268, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:44 2007, PID: 5336, Thread: 5340, Image D:\SMS\bin\i386\sitecomp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:45 2007, PID: 5368, Thread: 5372, Image C:\WINDOWS\system32\sysdown.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:45 2007, PID: 5144, Thread: 5196, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:45 2007, PID: 5392, Thread: 5396, Image C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:45 2007, PID: 5264, Thread: 5288, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:45 2007, PID: 5400, Thread: 5404, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:45 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:46 2007, PID: 5232, Thread: 5236, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:46 2007, PID: 5464, Thread: 5468, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:46 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:46 2007, PID: 5592, Thread: 5596, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:47 2007, PID: 2548, Thread: 2556, Image d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:52 2007, PID: 5592, Thread: 5636, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:52 2007, PID: 5400, Thread: 5504, Image C:\Program Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:52 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:53 2007, PID: 5464, Thread: 5468, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:53 2007, PID: 5516, Thread: 5520, Image C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:54 2007, PID: 5928, Thread: 5932, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:54 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:54 2007, PID: 5944, Thread: 5948, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:56 2007, PID: 6084, Thread: 6088, Image c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:56 2007, PID: 6016, Thread: 6116, Image C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe, ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:57 2007, PID: 5944, Thread: 6000, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:57 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:58 2007, PID: 5928, Thread: 5932, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:37:58 2007, PID: 540, Thread: 3160, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:58 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:37:58 2007, PID: 4708, Thread: 4712, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:01 2007, PID: 4708, Thread: 4784, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:01 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:02 2007, PID: 5380, Thread: 5228, Image C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:02 2007, PID: 540, Thread: 3160, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:03 2007, PID: 2552, Thread: 2560, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:03 2007, PID: 5252, Thread: 5248, Image C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:03 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:03 2007, PID: 5588, Thread: 5604, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:04 2007, PID: 4740, Thread: 5568, Image D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (1), Local: (null), Remote: \\KIL-ITADMIN\A$, Password: Password was NULL, Window Title: , RC was: The network name cannot be found. (67), GLE was: The network name cannot be found. (67) Thu Jan 25 12:38:05 2007, PID: 4740, Thread: 5568, Image D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (2), Local: (null), Remote: \\KIL-ITADMIN\E$, Password: Password was NULL, Window Title: , RC was: The device is not ready. (21), GLE was: The device is not ready. (21) Thu Jan 25 12:38:05 2007, PID: 5648, Thread: 5644, Image C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:05 2007, PID: 716, Thread: 856, Image winlogon.exe,***StartServiceW Failed!*** (0), Service: Failed to get Service name, RC was: Incorrect function. (1), GLE was: The operation completed successfully. (0) Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image C:\WINDOWS\system32\svchost.exe, ************************************************** ********* Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image C:\WINDOWS\system32\svchost.exe, ************************************************** ********* Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image C:\WINDOWS\system32\svchost.exe, ************************************************** ********* Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for Details (ID: 7000) * Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for Details (ID: 7000) * Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image C:\WINDOWS\system32\svchost.exe, ************************************************** ********* Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for Details (ID: 7000) * Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image C:\WINDOWS\system32\svchost.exe, ************************************************** ********* Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image C:\WINDOWS\system32\svchost.exe,****************** ***************************************** Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image C:\WINDOWS\system32\svchost.exe,****************** ***************************************** Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image C:\WINDOWS\system32\svchost.exe,* Service Failure - See System Log for Details (ID: 7000) * Thu Jan 25 12:38:06 2007, PID: 5588, Thread: 5660, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1108, Image C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service: Service: Windows Management Instrumentation (C:\WINDOWS\system32\svchost.exe -k netsvcs), RC was: The operation completed successfully. (0), GLE was: An instance of the service is already running. (1056) Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service: Service: Background Intelligent Transfer Service (C:\WINDOWS\system32\svchost.exe -k netsvcs), RC was: Incorrect function. (1), GLE was: The operation completed successfully. (0) Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image C:\WINDOWS\system32\svchost.exe,****************** ***************************************** Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service: Service: System Event Notification (C:\WINDOWS\system32\svchost.exe -k netsvcs), RC was: The operation completed successfully. (0), GLE was: An instance of the service is already running. (1056) Thu Jan 25 12:38:06 2007, PID: 6096, Thread: 6124, Image userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:06 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service: Service: Windows Installer (C:\WINDOWS\system32\msiexec.exe /V), RC was: Incorrect function. (1), GLE was: The operation completed successfully. (0) Thu Jan 25 12:38:06 2007, PID: 2552, Thread: 2560, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:07 2007, PID: 2212, Thread: 2444, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:07 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:07 2007, PID: 5992, Thread: 5988, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:07 2007, PID: 2228, Thread: 5132, Image C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:08 2007, PID: 4712, Thread: 4784, Image c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:10 2007, PID: 5724, Thread: 5720, Image d:\Repository\psp-7.60.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:11 2007, PID: 5992, Thread: 5028, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:11 2007, PID: 6068, Thread: 6132, Image c:\windows\microsoft.net\framework\v1.1.4322\csc.e xe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:11 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:11 2007, PID: 2784, Thread: 6136, Image c:\windows\microsoft.net\framework\v1.1.4322\csc.e xe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:11 2007, PID: 2212, Thread: 2444, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:11 2007, PID: 2228, Thread: 5132, Image C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:11 2007, PID: 6096, Thread: 6124, Image userinit.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:11 2007, PID: 4788, Thread: 4796, Image userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:12 2007, PID: 4788, Thread: 4796, Image userinit.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:12 2007, PID: 6068, Thread: 6132, Image c:\windows\microsoft.net\framework\v1.1.4322\csc.e xe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:12 2007, PID: 6204, Thread: 6208, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:12 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:12 2007, PID: 6236, Thread: 6240, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:14 2007, PID: 2784, Thread: 6136, Image c:\windows\microsoft.net\framework\v1.1.4322\csc.e xe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:16 2007, PID: 6236, Thread: 6268, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:16 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:16 2007, PID: 6204, Thread: 6208, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:16 2007, PID: 6400, Thread: 6404, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:16 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:16 2007, PID: 6424, Thread: 6428, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:17 2007, PID: 6452, Thread: 6456, Image C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:19 2007, PID: 6424, Thread: 6448, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:19 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:19 2007, PID: 6400, Thread: 6404, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:20 2007, PID: 6604, Thread: 6608, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:20 2007, PID: 6612, Thread: 6616, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:21 2007, PID: 6612, Thread: 6616, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:21 2007, PID: 6604, Thread: 6608, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:21 2007, PID: 6640, Thread: 6644, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:21 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:21 2007, PID: 6676, Thread: 6680, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:22 2007, PID: 6728, Thread: 6732, Image C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:25 2007, PID: 6676, Thread: 6716, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:25 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:25 2007, PID: 6640, Thread: 6644, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:25 2007, PID: 6904, Thread: 6908, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:26 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:27 2007, PID: 7048, Thread: 7052, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:28 2007, PID: 7192, Thread: 7196, Image winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:32 2007, PID: 7048, Thread: 7248, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:32 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:32 2007, PID: 6904, Thread: 6908, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:33 2007, PID: 7580, Thread: 7584, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:33 2007, PID: 7612, Thread: 7616, Image hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:34 2007, PID: 7612, Thread: 7616, Image hostname,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:34 2007, PID: 7580, Thread: 7584, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:34 2007, PID: 7632, Thread: 7636, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:34 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:34 2007, PID: 7648, Thread: 7652, Image mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH Thu Jan 25 12:38:36 2007, PID: 7648, Thread: 7672, Image mxpassword,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:36 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:36 2007, PID: 7632, Thread: 7636, Image C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch Thu Jan 25 12:38:36 2007, PID: 7756, Thread: 7760, Image I also noticed the following security event right before my account gets locked (not sure if it's related): Object Open: Object Server: SC Manager Object Type: SC_MANAGER OBJECT Object Name: ServicesActive Handle ID: - Operation ID: {0,58034} Process ID: 768 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: MYSERVER$ Primary Domain: MYDOMAIN Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: READ_CONTROL Connect to service controller Lock service database for exclusive access Privileges: - Restricted Sid Count: 0 Access Mask: 0x20009 |
|
|
|
|
|||
|
|||
|
|
|
| |
|
Pegasus \(MVP\)
Guest
Posts: n/a
|
"Rick" <> wrote in message news:6F689859-BEB3-4028-9850-... > Sorry, I originally posted this in the wrong group... > > Hi all, my admin account keeps getting locked out every time I reboot one of > my servers (recently changed my password). I have no manually mapped drives, > no cached login infor in keymgr.cpl and non of the services are configured to > use my admin account. I also checked all object in DCOM and non use my > account. > Since you recently changed your password, your problem is obviously caused by some process that still uses the old password. I suspect a scheduled task. It is better to create a dedicated account for scheduled tasks and for services instead of using your own account, for reasons that are now becoming clear. |
|
|
|
|
|||
|
|
|||
|
Rick
Guest
Posts: n/a
|
Hi, thanks for you reply. No scheduled tasks are running under my admin
account, we do have service accounts for these. Rick "Pegasus (MVP)" wrote: > Since you recently changed your password, your problem is > obviously caused by some process that still uses the old password. > I suspect a scheduled task. > > It is better to create a dedicated account for scheduled tasks and > for services instead of using your own account, for reasons that > are now becoming clear. |
|
|
|
|
|||
|
|
|||
|
Rick
Guest
Posts: n/a
|
Hi Will, this is a member server and the account is a Domain Admin account,
not local. If I pull the network cable and reboot, it does not lock my account. "Will" wrote: > This is a member server, and you are attempting login with the local builtin > Administrator account? > > Can you disconnect this computer from the network during the next reboot and > see if the account resets? You should at least positively rule out the > possibility that the lockout is due to some interaction with the network, > then that will focus next efforts. > > -- > Will |
|
|
|
|
|||
|
|
|||
|
Rick
Guest
Posts: n/a
|
Hi Will, thanks for the reply, see responses below:
"Will" wrote: > So what seems likely is that *something* on this member server is attempting > a connection to your domain controller with the wrong credentials. Totally agree. > On the domain controller, are you auditing failed logins? If not, start > doing so. Are you seeing failed login attempts from this member server > prior to your attempted logins in the security event viewer of the domain > controller? They must be there, because the account does not get locked > out unless you reboot this particular server. Yes, and I can see failed login attempts from the member server in question when I reboot it. > Now the question is where is the program that is entering the bad command > located. Is it possible you have a startup script running on that server > that possibly attempts to copy over files from the server after > authenticating from a command line script with NET USE? Perhaps that > script has hard-coded into it the old password? Have you thought about > scanning all local hard drives for any file that contains the old domain > controller password? No startup scripts that are unique to this server. I did upgrade HP's Insight Manager lately and this could be the cause but I'm not 100% certain. I scanned all files on the server and the registry for the name of my admin ID since I would think a password stored in a configuration file or registry would be encrypted and not stored in plain text. Didn't find anything. I will scan all files for my old password in a little while. > Is there any chance you are logging in as the local administrator and then > attempting to use NET USE with domain administrator credentials? Nope, I never log in as the local administrator, only a domain admin account. > -- > Will Is there anything from the alockout.log that I posted that helps to identify what might be causing this? Rick |
|
|
|
|
|||
|
|
|||
|
Rick
Guest
Posts: n/a
|
Will, thanks for your help. I found out it was the HP Virtual Machine
Manager service (even though the service used a service account to run). I don't use this software so I uninstalled it - problem solved. Rick |
|
|
|
|
|||
|
|
|||
|
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Local Admin Account locks out the Domain Admin Account | Tim Trabold | Windows Server | 2 | 03-03-2006 08:08 PM |
| Problems with 2003 domain controllers after SP1!!!!!! | Spale | Windows Server | 4 | 04-27-2005 09:43 PM |
| WinXP workstation - Domain Admin accts no longer can logon | Jim Walsh | Windows Server | 0 | 04-21-2005 10:09 PM |
| Logon Server Unavailable | Mike | Windows Server | 10 | 12-25-2004 12:25 AM |
| Isn't the Administrator password the same as the Domain Admin pass | Curious_2k3 | Windows Server | 3 | 08-17-2004 12:33 PM |
Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc. |
Linear Mode
