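I have an account that gets locked out in AD every few minutes.
I am using a Windows 7 Enterprise x64 PC and a Windows 2003 STD server.
These are the things I have tried.
- Created a new profile.
- Removed all printers and mapped drives.
- Used Microsoft's ALTools (I can't seem to find the log file under c:\windows\debug).
Normally it should state in the log file where the account was locked out from, but it doesn't say anything, as you can see below.
These are the log files I took from my DC.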
675,AUDIT FAILURE,Security,Thu Oct 20 09:17:26 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x0 Failure Code: 0x12 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9
644,AUDIT SUCCESS,Security,Thu Oct 20 08:24:17 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Thu Oct 20 08:21:46 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Thu Oct 20 08:16:55 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Thu Oct 20 08:13:10 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Thu Oct 20 08:09:25 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: username Target Account ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Caller Machine Name: Caller User Name: DC SERVER$ Caller Domain: domain Caller Logon ID: (0x0,0x3E7)
675,AUDIT FAILURE,Security,Thu Oct 20 07:50:08 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9
675,AUDIT FAILURE,Security,Thu Oct 20 07:50:08 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0xE Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9
675,AUDIT FAILURE,Security,Thu Oct 20 07:49:59 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9
675,AUDIT FAILURE,Security,Thu Oct 20 07:49:59 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: username User ID: %{S-1-5-21-284166382-85745802-1543857936-28692} Service Name: krbtgt/domain Pre-Authentication Type: 0x2 Failure Code: 0xE Client Address: ip address Certificate Issuer Name: %7 Certificate Serial Number: %8 Certificate Thumbprint: %9
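Answer 1
Your Kerberos failure codes explained:
0x18 - Account locked out, outside of logon hours, or account disabled
0xE - KDC does not support the encryption type
0x12 - Request denied by KDC policy
Based on 0xE and 0x12, you first need to verify that the system time on that computer matches the time on your DC, that the account has no logon hour restrictions, and that it is not disabled.
Also, what domain/forest functional level are you set to, and do you have any 2008/2008 R2 DCs?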
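An added example, not part of the original question or answers: when event 644 leaves Caller Machine Name blank, as in the export above, the Client Address of the event 675 failures that precede each lockout still points at the source machine. This sketch parses that export format and labels failure codes with their RFC 4120 error names; the sample lines, user names, addresses, function names and the 30-minute window are all constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Kerberos error names from RFC 4120.
KRB_ERRORS = {0x0E: "KDC_ERR_ETYPE_NOSUPP", 0x12: "KDC_ERR_CLIENT_REVOKED",
              0x18: "KDC_ERR_PREAUTH_FAILED"}
FIELDS = {
    "user": r"(?:User Name|Target Account Name):\s*(.*?)\s+(?:User ID|Target Account ID):",
    "code": r"Failure Code:\s*(0x[0-9A-Fa-f]+)",
    "client": r"Client Address:\s*(\S+)",
    "caller": r"Caller Machine Name:\s*(.*?)\s*Caller User Name:",
}
# Constructed sample in the export format shown in the question (made-up users, SID, addresses).
SAMPLE = r"""
675,AUDIT FAILURE,Security,Thu Oct 20 08:07:10 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.0.2.10 Certificate Issuer Name: %7
675,AUDIT FAILURE,Security,Thu Oct 20 08:07:10 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0xE Client Address: 192.0.2.10 Certificate Issuer Name: %7
675,AUDIT FAILURE,Security,Thu Oct 20 08:08:02 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.0.2.10 Certificate Issuer Name: %7
675,AUDIT FAILURE,Security,Thu Oct 20 08:08:40 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.0.2.77 Certificate Issuer Name: %7
675,AUDIT FAILURE,Security,Thu Oct 20 08:09:01 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: asmith User ID: %{S-1-5-21-0-0-0-2222} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.0.2.10 Certificate Issuer Name: %7
675,AUDIT FAILURE,Security,Thu Oct 20 08:09:25 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x2 Failure Code: 0x18 Client Address: 192.0.2.10 Certificate Issuer Name: %7
644,AUDIT SUCCESS,Security,Thu Oct 20 08:09:25 2011,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: jdoe Target Account ID: %{S-1-5-21-0-0-0-1111} Caller Machine Name: Caller User Name: DC01$ Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7)
675,AUDIT FAILURE,Security,Thu Oct 20 08:12:30 2011,NT AUTHORITY\SYSTEM,Pre-authentication failed: User Name: jdoe User ID: %{S-1-5-21-0-0-0-1111} Service Name: krbtgt/EXAMPLE Pre-Authentication Type: 0x0 Failure Code: 0x12 Client Address: 192.0.2.10 Certificate Issuer Name: %7
"""

def parse(line):
    """Split one exported line and pull the labelled fields out of its message text."""
    event_id, _type, _source, when, _account, message = line.split(",", 5)
    rec = {"id": int(event_id), "time": datetime.strptime(when, "%a %b %d %H:%M:%S %Y")}
    for name, pattern in FIELDS.items():
        m = re.search(pattern, message)
        rec[name] = m.group(1).strip() if m else ""
    rec["code"] = int(rec["code"] or "0", 16)  # 644 events carry no failure code
    return rec

def lockout_sources(text, window=timedelta(minutes=30)):
    """For each 644 lockout, rank the clients whose bad-password failures preceded it."""
    events = [parse(line) for line in text.strip().splitlines()]
    report = []
    for lock in (e for e in events if e["id"] == 644):
        prior = [e for e in events if e["id"] == 675 and e["user"].lower() == lock["user"].lower()
                 and timedelta(0) <= lock["time"] - e["time"] <= window]
        # 0x18 (KDC_ERR_PREAUTH_FAILED) is the bad-password failure that drives a lockout;
        # 0x12 (KDC_ERR_CLIENT_REVOKED) is what the KDC returns once the account is already locked.
        hits = Counter(e["client"] for e in prior if e["code"] == 0x18)
        codes = Counter(KRB_ERRORS.get(e["code"], hex(e["code"])) for e in prior)
        report.append({"locked_at": lock["time"], "user": lock["user"], "codes": codes,
                       "caller": lock["caller"] or None, "suspects": hits.most_common()})
    return report
```

Calling `lockout_sources(SAMPLE)` returns one row per lockout, with `suspects` ordered by how many bad-password failures each client address produced in the window.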
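Answer 2
I recently found this little gem. We had a user who was getting locked out almost daily. It usually happened at logon or some time shortly after (the timing was never consistent).
We used the lockout tools to determine that the lockout was coming from a desktop she had never used. It turned out that the user naming convention, y0000000, was part of the problem. A user on the computer doing the locking had transposed two digits, matching the locked-out user's account. It had been cached, so whenever the user on the locking computer logged on, the other account got locked out. We opened the credential store and removed the offending entry.
Fun!
Answer 3
I once had the same problem with another user, and I found that the PC had malware on it. I removed it with Malwarebytes and have not seen the user account get locked out again.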