This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 97%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
I've got many user's lockout my limit is 20 bad password As you can see in the picture the event 4776 is present many times in the same minute it can't be an user attempt. Netlogon log are registering the pid but it is not possible catch it in the destination computer , the process associated is gone after the bad password event. Moreover on the client machine there is not in security event the error replicated i've done the same conclusions of Mr. Joe Alves here https://social.technet.microsoft.com/Forums/en-US/64c744f7-265c-46d4-a59e-35bafc17e3fd/kerberos-preauth-lockouts?forum=winserversecurity But I don't understand what it means whe he says "To fix it I created a normal domain account and used that on both servers." there is a particular procedure to follow? my accounts are all created with Active Direcry User and Computer ... Thank you Luca ![79631-image.png][1] [1]: /api/attachments/79631-image.png?platform=QnA
So now I'm in a dead end.
If DisableDomainCreds is active the actual credentials are not cashed so it means that if the laptop's user is at home he cannot login to his computer also if CachedLogonsCount is set to 100!