AD Migration to 2008 R2 - Pre-Authentication failure for some AD user accounts Event ID: 4771 Failure Code: 0x18

• miércoles, 27 de junio de 2012 9:30

   

   
  

  0

  Dear Fellows,

  Immediately after Migrating an Active Directory 2003 to Active Directory 2008 R2 environment (including Forest Functional Level raise to 2008 R2) we are getting Pre-Authentication failure for some of the accounts. On the DC, Event ID 4771 is logged with a Failure Code of 0x18.

  None of these accounts are allowing for interactive logons. No password change has been made for any of these accounts since last 6 months (or more) and all these accounts are configured to not expire the password. Once we change/reset the password manually user accounts are good for logging in through interactive logon.

  Seems like the tgt tickets for all these accounts are not valid anymore and we need to renew them by changing the password. am i right?

  One thing to highlight is that all of these domain accounts were created using SAP installation itself and were working perfect so far. there are many services for the SAP servers which are running using these accounts. I have verified all the attributes of this SAP-created account and a manual created domain user account and couldn't find any difference.

  Is there any thing we should consider when it comes to Windows Server 2008 R2 based Active Directory and Forest Functional Level "Windows Server 2008 R2"

  Any help/idea in this regard would be highly appreciated.

  ---

  Junaid Ahmed

  
  
  

  • Editado J.Ahmed miércoles, 27 de junio de 2012 9:31
  • Editado J.Ahmed miércoles, 27 de junio de 2012 9:38
  •  
  • Responder
  • Citar