B
Bawhead
One user on my network is being continually locked out of her account.
After some investigation we have tracked it down to a specific PC
(D7C63D) that whenever it is switched on it tries to connect to the
network using the users username and a password. The following error
messages were logged in the main server event logs:
The logon to account: user02
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: D7C63D
failed. The error code was: 3221225578
Logon Failure:
Reason: Unknown user name or bad password
User Name: user02
Domain: D7C63D51
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: D7C63D
The problem is I can't find where on the system the users logon
details are being kept as they only used once, some time ago - I've
checked the profiles, all registry, searched files based on name and
content. I also can't figure out which process is involved in trying
logon. This one is driving me mad, any ideas will be gratefully
received.
After some investigation we have tracked it down to a specific PC
(D7C63D) that whenever it is switched on it tries to connect to the
network using the users username and a password. The following error
messages were logged in the main server event logs:
The logon to account: user02
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: D7C63D
failed. The error code was: 3221225578
Logon Failure:
Reason: Unknown user name or bad password
User Name: user02
Domain: D7C63D51
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: D7C63D
The problem is I can't find where on the system the users logon
details are being kept as they only used once, some time ago - I've
checked the profiles, all registry, searched files based on name and
content. I also can't figure out which process is involved in trying
logon. This one is driving me mad, any ideas will be gratefully
received.