AD Migration to 2008 R2 - Pre-Authentication failure for some AD user accounts Event ID: 4771 Failure Code: 0x18
miércoles, 27 de junio de 2012 9:30
Immediately after Migrating an Active Directory 2003 to Active Directory 2008 R2 environment (including Forest Functional Level raise to 2008 R2) we are getting Pre-Authentication failure for some of the accounts. On the DC, Event ID 4771 is logged with a Failure Code of 0x18.
None of these accounts are allowing for interactive logons. No password change has been made for any of these accounts since last 6 months (or more) and all these accounts are configured to not expire the password. Once we change/reset the password manually user accounts are good for logging in through interactive logon.
Seems like the tgt tickets for all these accounts are not valid anymore and we need to renew them by changing the password. am i right?
One thing to highlight is that all of these domain accounts were created using SAP installation itself and were working perfect so far. there are many services for the SAP servers which are running using these accounts. I have verified all the attributes of this SAP-created account and a manual created domain user account and couldn't find any difference.
Is there any thing we should consider when it comes to Windows Server 2008 R2 based Active Directory and Forest Functional Level "Windows Server 2008 R2"
Any help/idea in this regard would be highly appreciated.
Todas las respuestas
miércoles, 27 de junio de 2012 9:35
There are many other accounts manually created in Active Directory with password never expired configured and they are working perfect.
We can change the passwords for those SAP service accounts but that will require great deal of efforts to configure on all the SAP servers for the services configured. So we want to dig out to the actual issue causing it.
jueves, 28 de junio de 2012 6:22ModeradorHi Junaid,
Thanks for posting in Microsoft TechNet forums.
Is the "user must change password at next login" option checked during the Migration?
In the meantime, please check the article below to see if it can be helpful during our troubleshooting:
Troubleshooting Password Migration Issues
- Marcado como respuesta K_evin ZhuMicrosoft Contingent Staff, Moderator martes, 03 de julio de 2012 1:56