Failure Audit 680Locked
I was going through our security logs on the exchange machine, and I noticed an insane amount of failure audit 680 events. I’m fairly new to the field, so after a few days of troubleshooting, I figured I’d reach out and see if anyone had suggestions.
The error code we’re getting is 0xc0000064 – which according to Microsoft documentation means the user account doesn’t exist. But the logon accounts that are failing are all actual users we have.
So far, I’ve tried changing the IIS metabase NtAuthenticationProviders from “NTLM”, to “Negotiate, NTLM”.
Then, I changed the security settings on a user’s outlook to just NTLM authentication.
I also changed the email server settings to “trusted for delegation” on the domain controllers active directory user and computer properties.
No luck. The one thing i may try is applying this hotfix: http://support.microsoft.com/kb/942636
But I wanted to see if anyone else had any other ideas before I moved forward.
Thanks in advance!