你好:
我公司部分域用户频繁账号被锁定。我使用lockoutstatus工具查看在这台服务器上Orig Lock :PSGHLNTS002,。然后我在PSGHLNTS002服务器上查看事件日志,发现审核失败的日志信息显示账号是在[10.66.0.148]这台设备上验证失败。我们这台设备是虚机,原来有跑过系统,但目前早已下线停止使用了。感觉这个问题很奇怪。ping 10.66.0.148,也是time out.请指点如何找到域用户频繁锁定的原因。谢谢!
附日志信息
Event ID:4771 logged:7/15/2020 6:51:21PM
Kerberos pre-authentication failed.
Account Information:
Security ID:
IROOTECH\zhiyuan.zhou
Account Name:
zhiyuan.zhou
Service Information:
Service Name:
krbtgt/IROOTECH.COM
Network Information:
Client Address:
::ffff:10.66.0.148
Client Port:
14185
Additional Information:
Ticket Options:
0x40810010
Failure Code:
0x18
Pre-Authentication Type:
2
Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Certificate information is only provided if a certificate was used for pre-authentication.
Pre-authentication types, ticket options and failure codes are defined in RFC 4120.
If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.
