G
Guest
on a WinXP Pro (SP2, latest Patches, in an AD Domain, DC is a Win2003 Server)
the user account has been automatically locked .
I find the following Event ID´s
Event ID: 40690
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)
Description:
The Security System detected an attempted downgrade attack for server
cifs/SERVERNAME.DOMAINNAME.net. The failure code from authentication
protocol Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.
(0xc0000234)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------------
there is also a secon Event after 40960:
Event ID: 40691
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)
Description:
The Security System could not establish a secured connection with the server
cifs/SERVERNAME.DOMAINNAME.net. No authentication protocol was available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
the user account has been automatically locked .
I find the following Event ID´s
Event ID: 40690
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)
Description:
The Security System detected an attempted downgrade attack for server
cifs/SERVERNAME.DOMAINNAME.net. The failure code from authentication
protocol Kerberos was "The user account has been automatically locked because
too many invalid logon attempts or password change attempts have been
requested.
(0xc0000234)".
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
---------------------------------------------------------------------------
there is also a secon Event after 40960:
Event ID: 40691
Type: Warning
Usre: N/A
Source: LSASRV
Category: SPNEGO (Negotiator)
Description:
The Security System could not establish a secured connection with the server
cifs/SERVERNAME.DOMAINNAME.net. No authentication protocol was available.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.