[ gogi100 @ 29.06.2022. 10:28 ] @
domenska mreza win server 2008: primarni AD win server 2008 sve role na njemu, sekundarni win server 2012 i jos jedan dc win server 2012. Promenio sam lozinku na Administrator nalogu i nalog je poceo stalno da se zakljucava jer koje kakve aplikacije, taskovi itd da se prijave sa ovim nalogom. Primenio sam fine grain policy i iskljucio zakljuavanje, naloga, ali ovi pokusaji prijave sa admin nalogom idu u nedogled. Na primarnom DC dolaze stalno u Security logu event-i 4771, sa druga dva domen kontrolera, kao Citat: Kerberos pre-authentication failed. Account Information: Security ID: domen\Administrator Account Name: Administrator Service Information: Service Name: krbtgt/domen Network Information: Client Address: ::ffff:192.168.99.55 Client Port: 57338 Additional Information: Ticket Options: 0x40810010 Failure Code: 0x18 Pre-Authentication Type: 2 Certificate Information: Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: Certificate information is only provided if a certificate was used for pre-authentication. Pre-authentication types, ticket options and failure codes are defined in RFC 4120. If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present. Takodje u directory service logu dobijam event 1083 i 1955 kao Citat: Active Directory Domain Services encountered a write conflict when applying replicated changes to the following object. Object: CN=Administrator,OU=ServiceAccounts,DC=domen,DC=com Time in seconds: 0 Event log entries preceding this entry will indicate whether or not the update was accepted. A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring. User Action Use smaller groups for this operation or raise the functional level to Windows Server 2003. i log Citat: Active Directory Domain Services could not update the following object with changes received from the directory service at the following network address because Active Directory Domain Services was busy processing information. Object: CN=Administrator,OU=ServiceAccounts,DC=domen,DC=com Network address: d183b5ab-921e-4861-86f5-1ede5a632382._msdcs.domen.com This operation will be tried again later. sta da uradim da sprecim da ova dva domen kontrolera prestanu da pokuavaju sa administrator nalogom, ili gde ukucati novu lozinku kako se ovo vise ne bi pojavljivalo |