Hello,
We have different domains with trusts. In those different domains we have same username used.
The username are the same but not the account (SID) because we are in different domains (passwords are different too of course).
The problem is that a domain account is locked every 10 minutes. Example: The username "Microsoft\ServiceUser" try to authenticate itself threw a domain controler which is not the right one. Instead of initiating the connexion threw "Microsoft" Domain Controller
it try to authenticate threw "Passeport" domain controller.
The result is that "Passeport\ServiceUser" is locked because of "Microsoft\ServiceUser" false authentications in Passeport domain.
Event on Passeport Domain controller:
Source: Security
Event id: 681
The logon to account: ServiceUser
by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
from workstation: YSRV019S
failed. The error code was: 3221226036
OR:
Source: Security
Event id: 539
Logon Failure:
Reason: Account locked out
User Name: ServiceUser
Domain: Passeport
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: YSRV019S
The Passeport Domain controller are Microsoft Windows 2000 Service Pack 4. YSRV019S is on Microsoft Windows Server 2003 Standard Edition Service pack 2.
Could you help please ?
