My domain controller keeps trying to log in to my account and keeps locking the account

My Windows account is constantly getting locked out. After running several account lockout tools and examining the event viewer, it appears as if my domain controller is trying to log in to my user account. I think I am reading this correctly. Why is this, and how can I stop it? I have added a log from the account examiner tool I used to determine this. DELL-DC2 is my domain controller. I looked at the event viewer on this device and there was an audit failure with the domain controller being the target workstation.

Examining computer DELL-DC2 for potential usage of stale credentials for CVCHCSalongeC…
Examining COM objects ok, nothing found
Examining Windows services… ok, nothing found
Examining scheduled tasks... ok, nothing found
Examining logon sessions... ok, nothing found
Examining network drive mappings… ok, nothing found
Examining invalid logons...
Last 13 invalid logons:
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:42:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:37:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:32:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:27:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:22:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:17:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:22:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:17:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:12:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:07:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:02:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 9:57:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 9:52:38 AM
To view detailed information on logons, enable Failure Audit logon policy on the target workstation
Done



Check the services that are running on that server; your account may be there.



All the services are logged on as either network or local.



Upon re-reading, it isn't the domain controller that is trying to log in as you; it is trying to authenticate your account for a request by something else.
Open the event security logs on DC2 and go to the entry @ 3/14/15 10:17am
10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:17:38 AM



It says the source workstation is the domain controller. Credential validation - The computer attempted to validate credentials for an account. Error code 0xc0000234



Closing issue.
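
An added example, not part of the original thread or of the tool the poster ran: a Python sketch that parses the invalid-logon lines from the tool output above and measures the spacing between attempts, since a fixed interval points to an automated client retrying a stale password rather than a person typing. The function names and the 15-minute burst threshold are assumptions; the status table lists two standard NTSTATUS values, including the one quoted in the last reply.

```python
import re
from datetime import datetime

# Invalid-logon lines copied from the tool output in the question above.
TOOL_OUTPUT = r"""
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:42:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:37:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:32:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:27:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:22:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 3:17:41 PM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:22:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:17:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:12:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:07:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 10:02:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 9:57:38 AM
from 10.100.90.6 (\DELL-DC2.cvhs.lan) at 3/14/2015 9:52:38 AM
"""
LINE = re.compile(r"from \S+ \((\S+)\) at (\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)")
# Status codes Windows records on failed credential validation.
NTSTATUS = {0xC000006A: "wrong password", 0xC0000234: "account locked out"}

def parse(text):
    """Return sorted (timestamp, source) tuples, one per invalid-logon line."""
    fmt = "%m/%d/%Y %I:%M:%S %p"
    return sorted((datetime.strptime(m.group(2), fmt), m.group(1))
                  for m in LINE.finditer(text))

def bursts(events, max_gap=900):
    """Group attempts into runs whose consecutive gaps are <= max_gap seconds."""
    runs = []
    for ts, _src in events:
        if runs and (ts - runs[-1][-1]).total_seconds() <= max_gap:
            runs[-1].append(ts)
        else:
            runs.append([ts])
    return runs

def cadence(run):
    """Distinct gaps in seconds between consecutive attempts in one run."""
    return {int((b - a).total_seconds()) for a, b in zip(run, run[1:])}

if __name__ == "__main__":
    for run in bursts(parse(TOOL_OUTPUT)):
        print(run[0], "->", run[-1], len(run), "attempts, gaps:", cadence(run))
    print("0xc0000234:", NTSTATUS[0xC0000234])
```

A single gap value per run means the retries are timer-driven, so the next step is to find what on the network retries at that interval with the old password.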
