Hi Guys,
I am struggling to determine the root cause of a users account lockouts and need some help, its driving me mad.
Using this command repadmin /showmeta 'DN of user', I can see the last domain controller where the user was locked out, but unfortunately I get the mysterious blank 'Caller Comptuer Name' in the Event ID 4740 so I cannot determine the exact source of the lockouts. If I filter the event logs for Event ID 4776 Audit Failures around the time of the lockout, I can see the source workstation as one of the domain controllers but also a few events with a blank source workstation.
If I filter the suspect domain controller for Event ID 4776 audit fail
ures, I can see the failures occuringly quite reguarly with Source workstation of the same suspect domain controller:
Event ID 4776 Keywords: Audit Failure
The computer attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: firstname.lastname
Source Workstation: SuspectDomainController
Error Code: 0xc000006a
Does anyone know why a DC would be locking out a user. I am stumped! Thanks