[ gogi100 @ 29.06.2022. 10:28 ] @
domenska mreza win server 2008: primarni AD win server 2008 sve role na njemu, sekundarni win server 2012 i jos jedan dc win server 2012. Promenio sam lozinku na Administrator nalogu i nalog je poceo stalno da se zakljucava jer koje kakve aplikacije, taskovi itd da se prijave sa ovim nalogom. Primenio sam fine grain policy i iskljucio zakljuavanje, naloga, ali ovi pokusaji prijave sa admin nalogom idu u nedogled. Na primarnom DC dolaze stalno u Security logu event-i 4771, sa druga dva domen kontrolera, kao

Citat:

Kerberos pre-authentication failed.

Account Information:
Security ID: domen\Administrator
Account Name: Administrator

Service Information:
Service Name: krbtgt/domen

Network Information:
Client Address: ::ffff:192.168.99.55
Client Port: 57338

Additional Information:
Ticket Options: 0x40810010
Failure Code: 0x18
Pre-Authentication Type: 2

Certificate Information:
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:

Certificate information is only provided if a certificate was used for pre-authentication.

Pre-authentication types, ticket options and failure codes are defined in RFC 4120.

If the ticket was malformed or damaged during transit and could not be decrypted, then many fields in this event might not be present.


Takodje u directory service logu dobijam event 1083 i 1955
kao

Citat:

Active Directory Domain Services encountered a write conflict when applying replicated changes to the following object.

Object:
CN=Administrator,OU=ServiceAccounts,DC=domen,DC=com
Time in seconds:
0

Event log entries preceding this entry will indicate whether or not the update was accepted.

A write conflict can be caused by simultaneous changes to the same object or simultaneous changes to other objects that have attributes referencing this object. This commonly occurs when the object represents a large group with many members, and the functional level of the forest is set to Windows 2000. This conflict triggered additional retries of the update. If the system appears slow, it could be because replication of these changes is occurring.

User Action
Use smaller groups for this operation or raise the functional level to Windows Server 2003.

i log

Citat:

Active Directory Domain Services could not update the following object with changes received from the directory service at the following network address because Active Directory Domain Services was busy processing information.

Object:
CN=Administrator,OU=ServiceAccounts,DC=domen,DC=com
Network address:
d183b5ab-921e-4861-86f5-1ede5a632382._msdcs.domen.com

This operation will be tried again later.


sta da uradim da sprecim da ova dva domen kontrolera prestanu da pokuavaju sa administrator nalogom, ili gde ukucati novu lozinku kako se ovo vise ne bi pojavljivalo