
ADVAPI Process locking out admin account

Status
Not open for further replies.

JamesONeill

IS-IT--Management
Sep 8, 2006
22
DE
Hello

Wonder if anyone can help me...

My domain admin account keeps getting locked out, roughly every 15 mins due to wrong password attempts being tried every 5 or so mins.

Under the event log I get this:

Event Type: Failure Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 539
Date: 18/09/2007
Time: 12:51:46
User: NT AUTHORITY\SYSTEM
Computer: AC7SV000166
Description:
Logon Failure:
Reason: Account locked out
User Name: ac7gen-administrator
Domain: za
Logon Type: 8
Logon Process: Advapi
Authentication Package: Negotiate
Workstation Name: AC7SV000166
Caller User Name: NETWORK SERVICE
Caller Domain: NT AUTHORITY
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 3516
Transited Services: -
Source Network Address: -
Source Port: -

I have done several searches on the net and get several different explanations, most of them being viral, but I've done virus checks and nothing comes up....

I have tried searching for the file and I find a couple but one website said not to delete them.

Does anyone know what this is and how to stop it?!

Regards
James

James O'Neill BSc (Hons) MBCS
IT Manager UK & Ireland
Saint-Gobain Ecophon Ltd
 
Have you run MBSA on that Workstation & the DC ...... might have something to do with IIS

<Do I need A Signature or will an X do?>
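
An added example, not part of the original thread: a small Python triage of the Event 539 fields quoted in the question, showing that the failures are cleartext network logons (type 8) submitted by a process on the server itself running in the NETWORK SERVICE session, and which process ID to look up. The function names and the trimmed sample text are constructed for this illustration.

```python
import re

# Constructed sample: fields copied from the Event ID 539 text in the question.
SAMPLE_EVENT = """\
Computer: AC7SV000166
Reason: Account locked out
User Name: ac7gen-administrator
Domain: za
Logon Type: 8
Logon Process: Advapi
Workstation Name: AC7SV000166
Caller User Name: NETWORK SERVICE
Caller Logon ID: (0x0,0x3E4)
Caller Process ID: 3516
Source Network Address: -
"""

# Windows logon type codes.
LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 9: "NewCredentials",
               10: "RemoteInteractive", 11: "CachedInteractive"}
# Fixed logon-session IDs used by the built-in service accounts.
SERVICE_SESSIONS = {0x3E7: "SYSTEM", 0x3E5: "LOCAL SERVICE", 0x3E4: "NETWORK SERVICE"}


def parse_event(text):
    """Split the 'Key: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields


def triage(fields):
    """Summarise where a failed logon came from, using only the event's fields."""
    m = re.fullmatch(r"\(0x[0-9A-Fa-f]+,(0x[0-9A-Fa-f]+)\)",
                     fields.get("Caller Logon ID", ""))
    session = int(m.group(1), 16) if m else None
    raw_type, pid = fields.get("Logon Type", ""), fields.get("Caller Process ID", "")
    logon_type = int(raw_type) if raw_type.isdigit() else None
    host, wks = fields.get("Computer", "").lower(), fields.get("Workstation Name", "").lower()
    return {
        "account": fields.get("Domain", "?") + "\\" + fields.get("User Name", "?"),
        "logon_type": LOGON_TYPES.get(logon_type, "unknown"),
        "cleartext_password": logon_type == 8,  # type 8: password passed as cleartext
        "caller_session": SERVICE_SESSIONS.get(session, "other"),
        # Same name in both fields: a process on this machine submitted the logon.
        "local_origin": bool(host) and host == wks,
        "caller_pid": int(pid) if pid.isdigit() else None,  # process to look up
    }
```

The `caller_pid` value is the one to match against the server's running process list while the failures are still occurring.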
 