Bra sida som beskriver sätt att felsöka konton som låses ut hela tiden...
http://msexchangeguru.com/2012/03/08/ad-lockout/
Bra saker att testa på klient datorer
1. töm Credential manager i kontrollpanelen
2. töm allt under: rundll32.exe keymgr.dll, KRShowKeyMgr
0xc000006a - An invalid attempt to login has been made by the following user.
0xc0000234 - The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested.
|
Kerberos RFC description
|
Notes on common failure codes
|
||
|
Dec
|
Hex
|
||
|
1
|
0x1
|
Client's entry in database has expired
|
|
|
2
|
0x2
|
Server's entry in database has expired
|
|
|
3
|
0x3
|
Requested protocol version # not supported
|
|
|
4
|
0x4
|
Client's key encrypted in old master key
|
|
|
5
|
0x5
|
Server's key encrypted in old master key
|
|
|
6
|
0x6
|
Client not found in Kerberos database
|
Bad user name, or new computer/user account has not replicated to DC yet
|
|
7
|
0x7
|
Server not found in Kerberos database
|
New computer account has not replicated yet or computer is pre-w2k
|
|
8
|
0x8
|
Multiple principal entries in database
|
|
|
9
|
0x9
|
The client or server has a null key
|
administrator should reset the password on the account
|
|
0xA
|
Ticket not eligible for postdating
|
|
|
|
0xB
|
Requested start time is later than end time
|
|
|
|
0xC
|
KDC policy rejects request
|
Workstation/logon time restriction
|
|
|
0xD
|
KDC cannot accommodate requested option
|
|
|
|
0xE
|
KDC has no support for encryption type
|
|
|
|
0xF
|
KDC has no support for checksum type
|
|
|
|
0x10
|
KDC has no support for padata type
|
|
|
|
0x11
|
KDC has no support for transited type
|
|
|
|
0x12
|
Clients credentials have been revoked
|
Account disabled, expired, or locked out.
|
|
|
0x13
|
Credentials for server have been revoked
|
|
|
|
0x14
|
TGT has been revoked
|
|
|
|
0x15
|
Client not yet valid - try again later
|
|
|
|
0x16
|
Server not yet valid - try again later
|
|
|
|
0x17
|
Password has expired
|
The user’s password has expired.
|
|
|
0x18
|
Pre-authentication information was invalid
|
Usually means bad password
|
|
|
0x19
|
Additional pre-authentication required*
|
|
|
|
0x1F
|
Integrity check on decrypted field failed
|
|
|
|
0x20
|
Ticket expired
|
Frequently logged by computer accounts
|
|
|
0x21
|
Ticket not yet valid
|
|
|
|
0x21
|
Ticket not yet valid
|
|
|
|
0x22
|
Request is a replay
|
|
|
|
0x23
|
The ticket isn't for us
|
|
|
|
0x24
|
Ticket and authenticator don't match
|
|
|
|
0x25
|
Clock skew too great
|
Workstation’s clock too far out of sync with the DC’s
|
|
|
0x26
|
Incorrect net address
|
IP address change?
|
|
|
0x27
|
Protocol version mismatch
|
|
|
|
0x28
|
Invalid msg type
|
|
|
|
0x29
|
Message stream modified
|
|
|
|
0x2A
|
Message out of order
|
|
|
|
0x2C
|
Specified version of key is not available
|
|
|
|
0x2D
|
Service key not available
|
|
|
|
0x2E
|
Mutual authentication failed
|
may be a memory allocation failure
|
|
|
0x2F
|
Incorrect message direction
|
|
|
|
0x30
|
Alternative authentication method required*
|
|
|
|
0x31
|
Incorrect sequence number in message
|
|
|
|
0x32
|
Inappropriate type of checksum in message
|
|
|
|
0x3C
|
Generic error (description in e-text)
|
|
|
|
0x3D
|
Field is too long for this implementation
|
|
|
