Share via

domain user lock

Shlomi Zanzuri 0 Reputation points
2024-07-04T08:53:27.17+00:00

Hi,

I have domain User that keep getting lock, I disable active sync from is mobile, deleted is mail account on is phone, disable access to VPN, deleted all save password from the terminal and is laptop.

this is the massage error 4625 that generated mostly on exchange server:

An account failed to log on.

Subject:

Security ID:		SYSTEM

Account Name:		LEDICO-EXCHANGE$

Account Domain:		DOMAIN

Logon ID:		0x3E7

Logon Type: 8

Account For Which Logon Failed:

Security ID:		NULL SID

Account Name:		orit.sagi

Account Domain:		domain

Failure Information:

Failure Reason:		Unknown user name or bad password.

Status:			0xC000006D

Sub Status:		0xC000006A

Process Information:

Caller Process ID:	0x288f8

Caller Process Name:	C:\Windows\System32\inetsrv\w3wp.exe

Network Information:

Workstation Name:	LEDICO-EXCHANGE

Source Network Address:	10.0.0.1

Source Port:		59881

Detailed Authentication Information:

Logon Process:		Advapi  

Authentication Package:	Negotiate

Transited Services:	-

Package Name (NTLM only):	-

Key Length:		0

any suggestion?

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,237 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Daisy Zhou 21,276 Reputation points Microsoft Vendor
    2024-07-04T12:50:25.1233333+00:00

    Hello Shlomi Zanzuri,

    Thank you for posting in Q&A forum.

    Based on the description, it seems the domain account keep getting locked is "orit.sagi", am I right?

    And this account is locked on Workstation Name (LEDICO-EXCHANGE) with Source Network Address (10.0.0.1). You can logon this machine and check if the Process named w3wp.exe (C:\Windows\System32\inetsrv) remembers the wrong username and password about this account.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments
  2. Shlomi Zanzuri 0 Reputation points
    2024-07-07T13:12:08.16+00:00

    Hi,

    First thank u for the quick replay.

    you correct about the username been lock it's orit.sagi, but the "computer" is a server, exchange server with different Address IP, and the process w3wp.exe is open serval times on the server, but with user System not orit.sagi.

    I even Disabled her Mail account, to check maybe the user keeps getting lock by "bad" Ost file.

    Best regards,

    Shlomi Zanzuri.