Credentials locking account

Situation: An account keeps getting locked out after a password change. The event log points back to a certain PC. The user isn’t logged on to that PC, and we see the account trying to access LDAP on a certain DC.

Event ID 40960 in System Log for LSA (LsaSrv)

The Security System detected an authentication error for the server LDAP/DC. The failure code from authentication protocol Kerberos was “The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested. (0xc0000234)”.

Event ID 14 in Security Log for Security-Kerberos

The password stored in Credential Manager is invalid. This might be caused by the logged on user changing the password from this computer or a different computer. To resolve this error, open Credential Manager in Control Panel, and reenter the password for the credential

Fix:

  1. Get on the PC that is locking the account and download psexec (http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx)
  2. Copy the psexec.exe to C:\windows\system32
  3. Open cmd prompt as Admin and run psexec -i -s -d cmd.exe
  4. Once the new prompt opens run rundll32 keymgr.dll,KRShowKeyMgr
  5. A new window will pop up showing the Credential Manager for the System account of the computer. Clear out any credentials saved here. (Note: you should see the account that was being locked out listed here.)
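
To confirm from the suspect PC that it is the one logging the two events above, and to list the stored credentials without the GUI, the following PowerShell can be used. It is an added example, not part of the original post; it assumes an elevated prompt, an arbitrary 7-day look-back, and (for the last step) a PowerShell session started as SYSTEM the same way step 3 starts cmd.exe.

```powershell
# Added example (not from the original post).
# Assumptions: elevated PowerShell on the suspect PC; 7-day window is arbitrary.
$since = (Get-Date).AddDays(-7)

# Pull event IDs 40960 and 14 from both logs, then keep only the two
# sources named in the post (LsaSrv and Security-Kerberos).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'System', 'Security'
    Id        = 40960, 14
    StartTime = $since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'LsaSrv|Security-Kerberos' }

if ($events) {
    # One row per event ID/source: how often it fired and over what period.
    $events | Group-Object Id, ProviderName | ForEach-Object {
        $sorted = @($_.Group | Sort-Object TimeCreated)
        [pscustomobject]@{
            Event = $_.Name
            Count = $_.Count
            First = $sorted[0].TimeCreated
            Last  = $sorted[-1].TimeCreated
        }
    } | Format-Table -AutoSize

    # Most recent message of each ID; the text names the server and the failure.
    $events | Group-Object Id | ForEach-Object {
        @($_.Group | Sort-Object TimeCreated -Descending)[0]
    } | Format-List TimeCreated, Id, ProviderName, Message
} else {
    Write-Output "No event 40960 or 14 from LsaSrv/Security-Kerberos since $since."
}

# cmdkey /list prints the credentials stored for the account this session
# runs as, so it only shows the System account's entries when run as SYSTEM.
$me = [Security.Principal.WindowsIdentity]::GetCurrent()
if ($me.IsSystem) {
    cmdkey /list
} else {
    Write-Output "Running as $($me.Name); start the session as SYSTEM to list its stored credentials."
}
```

A steady event count that stops after the stored credential is cleared confirms the fix took effect.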
