Question : Administrator Account is getting locked out

Hello,

I've encountered an odd issue. It all began about three weeks ago. The administrator account's password expired and I changed it. Since that point my event log is filled with logon failures and the Administrator account is actually getting locked out, something that I didn't know was possible. I have changed the admin password before with no issues so I don't quite understand what is wrong here. The system is a Server 2003 box running as a PDC w/ Exchange installed on it and IIS running for OWA.

The thing that worries me most, however, is the Event 529 failures. The domain listed is not the name of my domain and the workstation name listed is not tied to any of the computers here. The 2003 box is sitting behind a Watchguard Firebox and I can't see any oddities in the the firewall logs.
Below are the error/failure logs I am recieving. The first two, 529 & 680, are logon related. The last, 40961, is a warning that continues to pop up.

Any help on the matter would be greatly appreciated.

--------------------------------------------------------------------------
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      529
Date:            4/12/2005
Time:            9:49:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      PDC
Description:
Logon Failure:
     Reason:            Unknown user name or bad password
     User Name:      Administrator
     Domain:            ?????????????
     Logon Type:      3
     Logon Process:      NtLmSsp
     Authentication Package:      NTLM
     Workstation Name:      ???????????????
     Caller User Name:      -
     Caller Domain:      -
     Caller Logon ID:      -
     Caller Process ID:      -
     Transited Services:      -
     Source Network Address:      -
     Source Port:      -

-------------------------------------------------------------------
Event Type:      Failure Audit
Event Source:      Security
Event Category:      Account Logon
Event ID:      680
Date:            4/12/2005
Time:            9:49:14 AM
User:            NT AUTHORITY\SYSTEM
Computer:      PDC
Description:
Logon attempt by:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account:      Administrator
Source Workstation:      ????????????????????
Error Code:      0xC000006A

----------------------------------------------------------------------------------
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40961
Date:            4/12/2005
Time:            7:24:15 AM
User:            N/A
Computer:      PDC
Description:
The Security System could not establish a secured connection with the server DNS/usa1.usent.local. No authentication protocol was available.

Answer : Administrator Account is getting locked out

PAQed with points (500) refunded

DarthMod
Community Support Moderator

Random Solutions

Citrix Best Practice

html email background images and outlook

ORACLE vs. MS-SQL

Transaction log full-- insert into table1 select * from table2

reindexing sysobjects

Export Exchange 2003 mailboxes to PST

"Send As" from Entourage 2004 or OWA Light via Exchange 2007

Microsoft, Server 2003, Remote Desktop/Terminal Services no longer works after cloning drive.

Dial-up Network screen keeps popping up

Multiple Like Statements -- more effiicient?