AD Account Lockout every 10 min from BESWebReportsServer.exe

(imported topic written by SystemAdmin)

Hi,

My BES admin and I are banging our heads trying to figure out why, after changing my password on AD, the BES server, which I do not directly access, keeps trying to authenticate w/ my account and locking it out. After a long process of elimination and determining that my account locks out even with all of my devices OFF, we looked at our DC logs and noticed that the incorrect authentication was coming from the IP of our BES server.

The logs on the BES server show this every 10 minutes:

Log Name: Security

Source: Microsoft-Windows-Security-Auditing

Date: 5/20/2011 1:35:29 PM

Event ID: 4625

Task Category: Logon

Level: Information

Keywords: Audit Failure

User: N/A

Computer: BESSERVERNAMEHERE.DOMAIN.EDU

Description:

An account failed to log on.

Subject:

Security ID: DS\bigfix

Account Name: bigfix

Account Domain: DS

Logon ID: 0x719cbe39

Logon Type: 8

Account For Which Logon Failed:

Security ID: NULL SID

Account Name: myadaccountnamehere

Account Domain: ds

Failure Information:

Failure Reason: Unknown user name or bad password.

Status: 0xc000006d

Sub Status: 0xc000006a

Process Information:

Caller Process ID: 0x99c

Caller Process Name: D:\Program Files\BigFix Enterprise\BES Server\BESWebReportsServer.exe

Network Information:

Workstation Name: BESSERVERNAMEHERE

Source Network Address: -

Source Port: -

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

Although I have created a couple of web reports, none of them are “scheduled.” We use AD authentication for the BES console, but again, the lockout occurs every 10 minutes even with my machines off.

Any ideas?

Thanks,

Paul Kobres

(imported comment written by SystemAdmin)

Update: Stopping the web service has stopped the increasing bad password count on our DCs (as viewed via LockoutStatus.exe).

Update #2. Re-starting the service restarts the incremental bad password count showing up on our DCs.

(imported comment written by SystemAdmin)

Update #3.

At the moment this appears to be a bug. My account was removed from the BigFix server, yet my bad password count on the DCs kept incrementing until my BES admin disabled/stopped two tasks that I had issued to a department. Other than my authorship, these tasks did not contain my username. It is unknown what this has to do with BESWebReportsServer.exe at this time.

(imported comment written by BenKus)

Take a look at your services dialog… See if your account is logged in as the BESWebReportsServer service…

Ben

(imported comment written by Vosh)

I can confirm his account was removed from the AD permission set to access web reports, and that the BES Web Reports service is running under a different domain account entitled “Bigfix”. Yet every 10 mins on the dot, we see that event entry unless the Web reports service is disabled.
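Added example, not part of the thread and not BigFix code: a Python sketch of the triage done by hand above, which parses rendered 4625 events, decodes Logon Type 8 and Sub Status 0xc000006a, and reports any (failed account, caller process) pair that fails at a fixed interval. The function names, the `tolerance` and `min_hits` parameters, and the sample timestamps are assumptions; the field values are copied from the event in the first post.

```python
import re
from collections import defaultdict
from datetime import datetime

# Standard Windows values for the codes that appear in the 4625 event.
LOGON_TYPES = {"2": "Interactive", "3": "Network", "5": "Service", "8": "NetworkCleartext"}
SUB_STATUS = {"0xc000006a": "wrong password", "0xc0000064": "unknown user", "0xc0000234": "locked out"}
FIELD = re.compile(r"^[ \t]*([^:\n]+?):[ \t]*(.*)$", re.M)

# Constructed sample: fields taken from the event in the post, timestamps spaced 10 minutes apart.
TEMPLATE = r"""Date: {when}
Subject:
  Account Name: bigfix
Logon Type: 8
Account For Which Logon Failed:
  Account Name: myadaccountnamehere
Sub Status: 0xc000006a
Caller Process Name: D:\Program Files\BigFix Enterprise\BES Server\BESWebReportsServer.exe
"""
SAMPLE = [TEMPLATE.format(when=f"5/20/2011 1:{m}:29 PM") for m in (35, 45, 55)]

def parse_event(text):
    """Parse one rendered 4625 event. 'Account Name' occurs twice: Subject, then failed account."""
    rec = defaultdict(list)
    for key, value in FIELD.findall(text):
        rec[key].append(value.strip())
    return {
        "time": datetime.strptime(rec["Date"][0], "%m/%d/%Y %I:%M:%S %p"),
        "caller_account": rec["Account Name"][0],   # identity the calling process runs as
        "target": rec["Account Name"][1],           # account whose password was rejected
        "process": rec["Caller Process Name"][0],
        "logon_type": LOGON_TYPES.get(rec["Logon Type"][0], rec["Logon Type"][0]),
        "reason": SUB_STATUS.get(rec["Sub Status"][0].lower(), rec["Sub Status"][0]),
    }

def periodic_sources(events, tolerance=30, min_hits=3):
    """Return (target, process, reason, hits, mean gap in s) for evenly spaced failures."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["target"], e["process"], e["reason"])].append(e["time"])
    findings = []
    for key, times in groups.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        if len(times) >= min_hits and max(gaps) - min(gaps) <= tolerance:
            findings.append((*key, len(times), round(sum(gaps) / len(gaps))))
    return findings

if __name__ == "__main__":
    print(periodic_sources([parse_event(t) for t in SAMPLE]))
```

A constant gap with a "wrong password" sub status points at a stored credential being replayed by a service on a timer rather than at someone typing a password.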