
All domain Accounts being locked out

Author
8 Jan 2009 9:21 AM
Alasdair
Hi,

On one of my 2000 Domains, all accounts are being locked out.
If I unlock an account, it will be locked again within a few minutes, even
an account that no-one or nothing uses.


I have lots of errors like

Authentication Ticket Request Failed:
    User Name:    ASPNET
    Supplied Realm Name:    xxx.yyy.com
    Service Name:    krbtgt/xxx.yyy.com
    Ticket Options:    0x40810010
    Failure Code:    0x6
    Client Address:    192.168.30.97

Author
11 Jan 2009 7:55 AM
Anteaus
This may be the clue:
>      User Name:    ASPNET

Sounds like a webserver process is trying to log-on as this user.
Might be faulty website coding, or might be an intrusion-attempt.

"Alasdair" wrote:

> Hi,
>
> On one of my 2000 Domains, all accounts are being locked out.
> If I unlock an account, it will be locked again within a few minutes, even
> an account that no-one or nothing uses.
>
>
> I have lots of errors like
>
> Authentication Ticket Request Failed:
>      User Name:    ASPNET
>      Supplied Realm Name:    xxx.yyy.com
>      Service Name:    krbtgt/xxx.yyy.com
>      Ticket Options:    0x40810010
>      Failure Code:    0x6
>      Client Address:    192.168.30.97
>
>
Author
12 Jan 2009 8:42 AM
Alasdair
We tracked it down to an outbreak of Conficker.B virus (aka Downad or
Downadup).

In the end a very long phone session with MS Support helped us track it down
and do a manual removal on the infected machines.

"Anteaus" wrote:

> This may be the clue:
> >      User Name:    ASPNET
>
> Sounds like a webserver process is trying to log-on as this user.
> Might be faulty website coding, or might be an intrusion-attempt.
>
> "Alasdair" wrote:
>
> > Hi,
> >
> > On one of my 2000 Domains, all accounts are being locked out.
> > If I unlock an account, it will be locked again within a few minutes, even
> > an account that no-one or nothing uses.
> >
> >
> > I have lots of errors like
> >
> > Authentication Ticket Request Failed:
> >      User Name:    ASPNET
> >      Supplied Realm Name:    xxx.yyy.com
> >      Service Name:    krbtgt/xxx.yyy.com
> >      Ticket Options:    0x40810010
> >      Failure Code:    0x6
> >      Client Address:    192.168.30.97
> >
> >
Author
26 Jan 2009 7:32 PM
Marcelo
Hello Alasdair.
What procedure did Microsoft Support send to resolve the problem?
How is the manual removal done?
Thanks!


"Alasdair" wrote:

> We tracked it down to an outbreak of Conficker.B virus (aka Downad or
> Downadup).
>
> In the end a very long phone session with MS Support helped us track it down
> and do a manual removal on the infected machines.
>
> "Anteaus" wrote:
>
> > This may be the clue:
> > >      User Name:    ASPNET
> >
> > Sounds like a webserver process is trying to log-on as this user.
> > Might be faulty website coding, or might be an intrusion-attempt.
> >
> > "Alasdair" wrote:
> >
> > > Hi,
> > >
> > > On one of my 2000 Domains, all accounts are being locked out.
> > > If I unlock an account, it will be locked again within a few minutes, even
> > > an account that no-one or nothing uses.
> > >
> > >
> > > I have lots of errors like
> > >
> > > Authentication Ticket Request Failed:
> > >      User Name:    ASPNET
> > >      Supplied Realm Name:    xxx.yyy.com
> > >      Service Name:    krbtgt/xxx.yyy.com
> > >      Ticket Options:    0x40810010
> > >      Failure Code:    0x6
> > >      Client Address:    192.168.30.97
> > >
> > >
Author
17 Feb 2009 12:52 PM
Tarun
"Alasdair" wrote:

> We tracked it down to an outbreak of Conficker.B virus (aka Downad or
> Downadup).
>
> In the end a very long phone session with MS Support helped us track it down
> and do a manual removal on the infected machines.
>
> "Anteaus" wrote:
>
> > This may be the clue:
> > >      User Name:    ASPNET
> >
> > Sounds like a webserver process is trying to log-on as this user.
> > Might be faulty website coding, or might be an intrusion-attempt.
> >
> > "Alasdair" wrote:
> >
> > > Hi,
> > >
> > > On one of my 2000 Domains, all accounts are being locked out.
> > > If I unlock an account, it will be locked again within a few minutes, even
> > > an account that no-one or nothing uses.
> > >
> > >
> > > I have lots of errors like
> > >
> > > Authentication Ticket Request Failed:
> > >      User Name:    ASPNET
> > >      Supplied Realm Name:    xxx.yyy.com
> > >      Service Name:    krbtgt/xxx.yyy.com
> > >      Ticket Options:    0x40810010
> > >      Failure Code:    0x6
> > >      Client Address:    192.168.30.97
> > >
> > >
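
Added example, not part of the original thread: one way to find which machines are behind a lockout storm like the one described above is to group the "Authentication Ticket Request Failed" events by Client Address and flag addresses that fail for many different accounts. The sample log is constructed in the format of the posted event; the function names and the `min_users` threshold are assumptions.

```python
import re
from collections import defaultdict

# Kerberos error codes (RFC 4120) as shown in the "Failure Code" field.
FAILURE_CODES = {0x6: "KDC_ERR_C_PRINCIPAL_UNKNOWN",  # client not in Kerberos database
                 0x12: "KDC_ERR_CLIENT_REVOKED",      # account disabled, expired or locked
                 0x18: "KDC_ERR_PREAUTH_FAILED"}      # pre-authentication failed
FIELD = re.compile(r"^\s*([A-Za-z ]+):\s*(\S.*?)\s*$")

def parse_events(text):
    """Split exported log text into one dict per failed ticket request."""
    events, current = [], None
    for line in text.splitlines():
        if line.strip().startswith("Authentication Ticket Request Failed"):
            current = {}
            events.append(current)
            continue
        m = FIELD.match(line)
        if current is not None and m:
            current[m.group(1).strip()] = m.group(2)
    return events

def summarize_by_client(events):
    """Per Client Address: failure count, distinct user names, failure codes seen."""
    summary = defaultdict(lambda: {"failures": 0, "users": set(), "codes": set()})
    for ev in events:
        s = summary[ev.get("Client Address", "unknown")]
        s["failures"] += 1
        s["users"].add(ev.get("User Name", "").lower())
        code = int(ev.get("Failure Code", "0x0"), 16)
        s["codes"].add(FAILURE_CODES.get(code, hex(code)))
    return dict(summary)

def suspect_clients(summary, min_users=3):
    """Addresses failing for many different accounts (min_users is an assumed threshold)."""
    return sorted(a for a, s in summary.items() if len(s["users"]) >= min_users)

# Constructed sample in the format of the event posted in the thread.
TEMPLATE = ("Authentication Ticket Request Failed:\n    User Name:    {}\n"
            "    Supplied Realm Name:    xxx.yyy.com\n    Failure Code:    {}\n"
            "    Client Address:    {}\n\n")
SAMPLE_LOG = "".join(TEMPLATE.format(*row) for row in [
    ("ASPNET", "0x6", "192.168.30.97"), ("Administrator", "0x18", "192.168.30.97"),
    ("guest", "0x12", "192.168.30.97"), ("backup", "0x18", "192.168.30.97"),
    ("jsmith", "0x18", "192.168.30.12"), ("jsmith", "0x18", "192.168.30.12")])

if __name__ == "__main__":
    summary = summarize_by_client(parse_events(SAMPLE_LOG))
    for addr in suspect_clients(summary):
        print(addr, summary[addr]["failures"], sorted(summary[addr]["codes"]))
```

A single workstation with one user mistyping a password shows one user name per address; a host cycling through many accounts stands out in the per-address summary and is the one to isolate and inspect first.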