none
IT运维工程师 RRS feed

  • 问题

  • 你好:

    我公司部分域用户频繁账号被锁定。我使用lockoutstatus工具查看在这台服务器上Orig Lock :PSGHLNTS002,。然后我在PSGHLNTS002服务器上查看事件日志,发现审核失败的日志信息显示账号是在[10.66.0.148]这台设备上验证失败。我们这台设备是虚机,原来有跑过系统,但目前早已下线停止使用了。感觉这个问题很奇怪。ping 10.66.0.148,也是time out.请指点如何找到域用户频繁锁定的原因。谢谢!

    附日志信息

    Event ID:4771    logged:7/15/2020 6:51:21PM

    Kerberos pre-authentication failed.

    Account Information:
    Security ID: IROOTECH\zhiyuan.zhou
    Account Name: zhiyuan.zhou

    Service Information:
    Service Name: krbtgt/IROOTECH.COM

    Network Information:
    Client Address: ::ffff:10.66.0.148
    Client Port: 14185

    Additional Information:
    Ticket Options: 0x40810010
    Failure Code: 0x18
    Pre-Authentication Type: 2

    Certificate Information:
    Certificate Issuer Name:
    Certificate Serial Number:
    Certificate Thumbprint:

    Certificate information is only provided if a certificate was used for pre-authentication.

    Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

    If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.



    • 已编辑 byst 2020年7月15日 12:14
    2020年7月15日 12:06

全部回复