Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

unknown username or bad password

Status
Not open for further replies.
crows27

crows27

MIS
Sep 4, 2001
80
0
0
US
I'm getting bad username or password logged in the security event log occasionally for different users but mainly one. This happens even when they are already logged into the network.

Desktops: win98 SE with AC Client extention and updated Antivirus
Windows 2000 DC with SP2 and hotfix rollout, (DNS Server)
Windows 2000 File server with SP2 and hotfix rollout (WINS server)

I have spoken with microsoft about the Q272594 artictle and they sent me their hotfix. I applied it on the one workstation where i see it the most but i still get Logon to Account (user) by MS_Authentication_Package_VI from station (user's station) with error code 32212255786036 (bad or misspelled password).

Occasionally i also get the bad username or password (event 529)

I've done a full scan with 2 antivirus programs (both current) and haven't found anything. I was checking for possible trojans.

Has anybody else noticed this on their network??

thanks.
 
Sort by date Sort by votes
Yes I have a similair problem. At one of my sites, I have WinNT 4 WS that are doing the same thing. Sorry I have not found a solution yet. Except to upgrade to W2K.
 
Upvote 0 Downvote
Abrannon,

To give you some information i've found:

I had domain security policy setup to lock accounts after 5 attempts (reading KB article 264678 explains why it was happening prior to 5 attempts).

There is one application on the network that requires User ID and Password to enter. I've noticed a trend in the logging of event 529 and 681 over the past few days. The event is logged as bad password or username when they enter THAT program. I've had some problems with that application so users don't always enter the first time around.

From what i've gathered there were three problems. One being the way the DC handles and releases authentication tickets (to be fixed by hotfix Q272594), the way DC authenticates the user for the resource (kerberos then NTLM) which actually results in two failed attempts instead of one, and the 3rd party application requiring logon credentials (Q272065)

That's what i've surmised thus far.
 
Upvote 0 Downvote
thanks for what you have gotten so far crows27

i also have been getting the same erros but i have not been overly concerned about them maybe i should



sysadmin
funjobs.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
116
Aquiles Vidal
Aquiles Vidal
Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
53
strongm
strongm
ADB100
  • Locked
  • Question
Single Windows 7 Ultimate workstation not applying Registry, Drive Map or Printers GPO settings
Replies
1
Views
79
technome
technome
StevenFromSouth
  • Locked
  • Question
VPN Connects but cannot access remote network computers or folders
Replies
1
Views
73
StevenFromSouth
StevenFromSouth
penguinroundup
  • Locked
  • Question
programmatically delete all saved passwords for IE for any user
Replies
0
Views
50
penguinroundup
penguinroundup

Part and Inventory Search

Sponsor

Back
Top