Announcement

Collapse
No announcement yet.

Admin - unblock account this account is currently locked out

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Admin - unblock account this account is currently locked out

    Hi Guys

    for some reason i am getting this message on the admin account on the domain controllers in AD

    unblock account this account is currently locked out of this active directory domain controller
    i also noticed that in the user logon name was blank and it was not selected to the domain.

    i have done this and have unblocked the account however as soon as i close AD on either or both of my DC's it comes back again.

    i have checked the published citrix app of AD and that shown the admin to be blocked which i took the tick out of but the DC's still show the administrator as blocked.

    if i close down the citrix published AD app it shows account is locked out with the tick

    however i can use this account to login to the domains etc

    when i unblock the account in AD i get an audit failure in the event viewer (4771)

    http://www.ultimatewindowssecurity.c...x?eventid=4771


    Edit: This is very strange i have noticed in event viewer that there are many 4771 errors and i have had these since changing the administrator password. i have since not had any problems and that was about a month ago.

    i changed the administrator password to what it was already to try and force the kerberos and that has seemed to have fixed the blocked account issue. i had to do it on both of the domain controllers though

    however i am still getting the audit failire 4771 (0x1 with the below in it

    0x18 Pre-authentication information was invalid Usually means bad password

    any idea guys?

    edit2:

    sorry i was wrong, it is still locking the admin account?

    however if i change the password back to the original (old one) it does not give the audit failure and it does not lock the admin out?

    It is only going to be a matter of time before the administrator account becomes locked out because something is not authenticating properly when the password is changed.

    i have changed the password again to hopefully force the kerberos to work properly however if it is anything but the old password i get the event 4771 and it is only a matter of time before this admin locked out occurs.

    any help greatfully received, sorry for this being all over the place
    Last edited by techmob; 11th July 2011, 18:08.

  • #2
    Re: Admin - unblock account this account is currently locked out

    check for cached passwords on devices the user often uses.
    Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

    Comment


    • #3
      Re: Admin - unblock account this account is currently locked out

      it is the main administrator account so it has been logging in on all sort of workstations/servers etc

      where would they passwords be cached?

      maybe i am just better off renaming the administrator account?

      Comment


      • #4
        Re: Admin - unblock account this account is currently locked out

        "The Administrator" domain account cannot be locked out -- one of many reasons to rename it!

        WHat is in the security logs?
        Tom Jones
        MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
        PhD, MSc, FIAP, MIITT
        IT Trainer / Consultant
        Ossian Ltd
        Scotland

        ** Remember to give credit where credit is due and leave reputation points where appropriate **

        Comment


        • #5
          Re: Admin - unblock account this account is currently locked out

          is your citrix presentation server facing the world?

          Is it possible that someone is trying to brute force your server ?
          Please do show your appreciation to those who assist you by leaving Rep Point https://www.petri.com/forums/core/im.../icon_beer.gif

          Comment


          • #6
            Re: Admin - unblock account this account is currently locked out

            i will remote in later and check the security logs or i will do it tomorrow when i am in work

            the citrix server is facing the world however it is sat behind the firewall etc.

            this issue has probably arose from when i changed the administrator password, i noticed back then of the audit failures however i may not of noticed the account getting logged out as it continued to work.

            Comment


            • #7
              Re: Admin - unblock account this account is currently locked out

              OK, so that would almost certainly make it cached credentials.
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: Admin - unblock account this account is currently locked out

                yea i think so

                it is finding what is using the cached credntials though

                Comment


                • #9
                  Re: Admin - unblock account this account is currently locked out

                  think i have sorted it, will let you know if it comes back

                  i looked through the servers and mcafee was giving some errors. i went into the config and changed the admin password

                  i then logged into mcafee administration and changed it to log in as admin on the domain.

                  since i have not had the error and the account was not locked (which it was just before i did it)

                  time will tell.

                  thanks for your help guys

                  Comment

                  Working...
                  X