edavid3001
We have been dealing with account lockout issues for well over a year.
After much analysis this is what I have discovered.
I normally am terminal serviced into SERVER1 in a disconnected state,
running workstation scanning software.
My password expired today (Netware grace logons, AD not expired yet.)
I Terminal serviced into SERVER1 and logged out.
I ran PSLOGGEDON and verified I was not logged in at any location other
than my desk.
I did CTRL ALT DEL and changed my password on the Active Directory
(Mixed mode.) as well as the Netware NDS and our eDirectory tree.
I rebooted my PC, and logged back on. I verified my password synced
across the domain controllers.
I terminal serviced into SERVER1 with my new password.
I started running my software scan.
Immediately my account became disabled. The event logs on our AD
server from which I got locked out show this:
Service Ticket Request Failed:
User Name: USER
User Domain: DOMAIN.COM
Service Name: HOST/PC1234
Ticket Options: 0x40810010
Failure Code: 0x12
Client Address: 192.168.3.10
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
USER is my user ID. DOMAIN.COM is my Active Directory Domain. PC1234
is the workstation I was attempting to scan. 192.168.3.10 is the IP
address of the SERVER1 where I run my scanning software.
So this tells me that when I logged out of Terminal Services (Not
disconnected) and verified via PSLOGGEDON and Terminal Services Manager
(from another admin's desk) that I was not on this server, Windows still
kept my old credentials.
Even after logging on with my new password, Microsoft Windows 2000
server still attempts to use the last USERID/PWD that I connected to
this PC1234 with. I actually had to reboot the server to get past this
issue.
This seems to be a security bug to me.
Are there any known articles on fixing this? Much searching, and I
have not found anything just like this -- only the issue with
disconnected sessions.
Edwin Davidson.
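
Added example, not part of the original post: a Python sketch that parses event text in the format quoted above, decodes the Failure Code and Ticket Options fields using the RFC 4120 definitions, and counts failures per user and client address to show which host is sending the requests. The function names and the second sample event are constructed for illustration.

```python
import re
from collections import Counter

# Kerberos error codes from RFC 4120 (subset useful for lockout triage).
KRB_ERRORS = {
    0x06: "KDC_ERR_C_PRINCIPAL_UNKNOWN",
    0x12: "KDC_ERR_CLIENT_REVOKED",   # account disabled, expired or locked out
    0x17: "KDC_ERR_KEY_EXPIRED",      # password has expired
    0x18: "KDC_ERR_PREAUTH_FAILED",   # wrong password presented
    0x25: "KRB_AP_ERR_SKEW",          # clock skew too great
}
# KDCOptions flags; RFC 4120 numbers bits starting at the most significant bit.
KDC_OPTIONS = {1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
               8: "renewable", 15: "canonicalize", 27: "renewable-ok",
               30: "renew", 31: "validate"}
# "Name: value" lines only; the event title and the help URL do not match.
FIELD = re.compile(r"^([A-Z][A-Za-z ]+):\s+(\S.*)$")

# First event is the one quoted in the post; the second is constructed.
EVENT_FROM_POST = """Service Ticket Request Failed:
User Name: USER
User Domain: DOMAIN.COM
Service Name: HOST/PC1234
Ticket Options: 0x40810010
Failure Code: 0x12
Client Address: 192.168.3.10"""
EVENT_CONSTRUCTED = EVENT_FROM_POST.replace("PC1234", "PC5678").replace("0x12", "0x18")
SAMPLE_EVENTS = [EVENT_FROM_POST, EVENT_CONSTRUCTED]

def parse_event(text):
    """Return the 'Name: value' fields of one event description as a dict."""
    matches = (FIELD.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in matches if m}

def decode_options(value):
    """Names of the KDCOptions bits set in a Ticket Options value."""
    return [n for bit, n in sorted(KDC_OPTIONS.items()) if value & (1 << (31 - bit))]

def triage(events):
    """Decode each failed ticket request and count failures per source host."""
    decoded, sources = [], Counter()
    for f in map(parse_event, events):
        code = int(f["Failure Code"], 16)
        decoded.append({"user": f["User Name"], "service": f["Service Name"],
                        "client": f["Client Address"],
                        "error": KRB_ERRORS.get(code, hex(code)),
                        "options": decode_options(int(f["Ticket Options"], 16))})
        sources[(f["User Name"], f["Client Address"])] += 1
    return decoded, sources
```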