downgrade attack

[Ali]

i have a problem in my site about LSAsrv
in some windows xp clients , when the user wants to login
or use the server resource, the system lock out the
accounts , and this events shown in client's event log:
Event id:40960
The Security System detected an attempted downgrade
attack for server cifs/Mbserver1. The failure code from
authentication protocol Kerberos was "The user account
has been automatically locked because too many invalid
logon attempts or password change attempts have been
requested.
(0xc0000234)".

can you help me resolve the problem

 

[IBTerry [MSFT]]

Hello Ali,

Are your workstations in a Windows 2000 or 2003 domain? There are many,
many reasons why account can be locked out.
The best place to start is w/ the following white paper which details many
of these scenerios.
http://www.microsoft.com/downloads/details.aspx?familyid=8c8e0d90-a13b-4977-
a4fc-3e2b67e3748e&displaylang=en

Hope this helps,

IBTerry [MSFT]
This posting is provided "AS IS" with no warranties, and confers no rights.