Why doesn't a user get locked out after a number of invalid password attempts greater than the domain account lockout policy?

We have an account lockout policy of 5 bad password attempts but we’re seeing users presenting bad passwords up to several thousand times in the span of 15 minutes. I’m concerned about whether the policy is active or if we have a possible brute force password attack being attempted. After investigating this closer we…

The Dark Side of Virtualization

Over the years I’ve been engaged in several AD disaster recovery scenarios where things ultimately boiled down to the same root cause: a single point of failure had been introduced into the IT environment. When the single point of failure failed catastrophically, it took down the entire environment with it. With good backups…

Event ID 29 when starting KDC service on Windows Server 2008 R2 DC's

I got the following escalation the other week: We’re getting Event ID 29 on our new W2k8 R2 DC’s – our W2k3 DC’s in the same domain that do not get any error use Domain Controller Authentication certificates from the same SubCA and running certutil -verify -urlfetch <exported DC cert.cer> seems to verify all CDP…

The CA certificate that disappeared after the CMOS battery died

A colleague on our PKI Server alias got the following question from a partner: Our newly installed Windows Server 2008 R2 CA server got the time settings on it accidentally reset back to the BIOS defaults (1/1/2011) when the batteries on the motherboard were temporarily removed. When the CA server was restarted afterwards we noticed that…

Why is autoenrollment only happening if initiated manually through the MMC?

We resolved the following case recently: On our W2k8 R2 Domain Controllers, autoenrollment is not working even if all the permissions are correct and the CA’s are allowed to issue the correct templates.  The funny thing is that if we open the Certificates MMC snap-in, right-click the Certificates node, choose All Tasks/Automatically Enroll and Retrieve…

Automatic logon to RDS using Smartcards with multiple certificates (with or without TS Gateway)

Got the following escalation recently from a customer that was implementing TS Gateway and smartcards with multiple logon certificates: When we connect with RemoteApp from our external workstations to the internal Terminal Server SSO seems to work fine if there is only one logon certificate present on the smartcard.  If there are two logon certificates…

Remote EFS decryption and Trusted for Delegation requirements

One of our customers reported the following: We have been evaluating EFS on Windows 7 as part of our upgrade from Windows XP project and have discovered that if you share a folder and encrypt a file within it locally, the same user is able to decrypt it remotely without the workstation being trusted for…

AD Recycle Bin and the conspicuously cloned user accounts conundrum

AD Users & Computers has a relatively unknown functionality that is exposed when you create a new user and the password that you enter doesn’t meet the password complexity requirements as defined for the domain. When you press the Finish button on the last screen of the ‘Create new user’ wizard, ADUC creates the user…

What happens when a group is deleted

A Critsit from a large enterprise customer came in the other day, problem description was as follows: We’ve deleted a test group that contained 25000 users, now our 3rd party login script which looks at group membership for users and performs action based on which groups they are in is failing when it encounters the…

The magical 2 minute logon delay mystery

Some time ago I had an interesting escalation where the problem description was as follows: I’m running a Citrix MetaFrame Presentation Server farm with around 20 servers in it, after about 2 days my users start getting a logon delay of *exactly* 2 minutes. If I reboot the server everything returns back to normal but the…
