General discussion
Thread display: Collapse - |
All Comments
Start or search
Create a new discussion
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
User account lockout issue
The login attempts are coming from machines and ip addresses that are not part of my network and I have no idea how they are attempting to log in because the network is private and behind a firewall that is showing no traffic from the IP address listed in the event logs
This is copied directy from the event log on the Domain controller.
The user account is a valid Domain account for one of my users, but the workstation name is not, nor is the IP address.
This occurs 2 or 3 times per day where a foreign system attempts to log in to almost all of the domain accounts repeatedly with an incorrect password. This action locks them out.
I have searched and scanned with rootkit discovery tools, antivirus and trojan dectection tools and so far I have come up empty.
Any help is greatly appreciated
Logon Failure:
Reason: Unknown user name or bad password
User Name: tsrigley
Domain: 78GWAC9
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: 78GWAC9
Caller User Name: -
Caller Domain: -
Caller Logon I
Caller Process I
Transited Services: -
Source Network Address: 130.13.72.61
Source Port: 0
For more information, see Help and Support Center at