Problem : The Active DIrectory user account locks by itself every few minutes.
I have one user in a midsize company whose AD user account gets locked for invalid password or logon attempts even though I come in and manually unlock it, it gets locked in 3 minutes again automatically.
Here are the errors from her computer’s system event log: (They also repeat the errors for 4-5 servers including exchange on the network)
Warning. Source: LSASRV Category: SPNEGO (Negotiator) Event ID: 40960
The Security System detected an attepted downgrade attack for server cifs/”server.domain”. The failure code from authenticating protocol kerberos was “The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested”. (0xc0000234)
Warning. Source: LSASRV Category: SPNEGO (Negotiator) Event ID: 40961
The Security system could not establish a secured connection with the server cifs/”server/domain”. No authentication protocol was available.
Does anyone know what it could be,
Solution: The Active DIrectory user account locks by itself every few minutes.
so it was a service using cached credentials as initially postulated lol wish we knew about tech iphone earlier when asked what she logs into but alls well that ends well please close question as you deem appropriate