我有帐户,每隔几分钟就会locking在AD里。
我正在使用Windows 7企业版X64电脑我正在使用Windows 2003 STD服务器
这些是我已经尝试过的东西。
通常情况下,它应该在帐户被locking的日志文件中说,但它不会说出任何内容,如下所示。
这些是我从DC获得的日志文件。
675,AUDIT FAILURE,Security,Thu Oct 20 09:17:26 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x0 Failure Code: 0x12 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9 644,AUDIT SUCCESS,Security,Thu Oct 20 08:24:17 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7) 644,AUDIT SUCCESS,Security,Thu Oct 20 08:21:46 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7) 644,AUDIT SUCCESS,Security,Thu Oct 20 08:16:55 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7) 644,AUDIT SUCCESS,Security,Thu Oct 20 08:13:10 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7) 644,AUDIT SUCCESS,Security,Thu Oct 20 08:09:25 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7) 675,AUDIT FAILURE,Security,Thu Oct 20 07:50:08 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9 675,AUDIT FAILURE,Security,Thu Oct 20 07:50:08 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0xE Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9 675,AUDIT FAILURE,Security,Thu Oct 20 07:49:59 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9 675,AUDIT FAILURE,Security,Thu Oct 20 07:49:59 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0xE Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9 您的Kerberos失败代码解释:
0x18 – 帐户被locking,在login时间之外,或帐户被禁用
0xE – KDC不支持encryptiontypes
0x12 – KDC策略拒绝请求
基于0xE和0x12,您需要首先validation该机器上的系统时间是否与您的DC上的时间匹配,该帐户没有login时间限制,并且未被禁用。
此外,您设置了哪些域/森林function级别,并且您是否有任何2008/2008 R2 DC?
我最近遇到了这个小gem。 我们有一个用户几乎每天都被locking。 这通常会发生在login或稍后的某个时间(时间从未一致)。
我们使用locking工具来确定locking来自她从未使用过的桌面。 事实certificate,用户命名约定y0000000是问题的一部分。 locking帐户的机器上的用户已经转换了两个数字以匹配locking的用户帐户。 它已经被caching,所以当locking机器上的用户login到另一个账户时会被locking。 我们打开了凭据存储并删除了违规的条目。
有趣!
我有一次与另一个用户相同的问题,我发现电脑包含恶意软件。 我使用Malwarebytes删除它,并没有看到用户帐户被locking了。