Hi, hope someone can help im pulling my hair out here
I have a user that keeps getting locked out every couple of hours i have looked at what DC server the account is getting locked out on and checked the event veiwer it told me the Server that is sending the wrong credentials, the server that is sending the wrong credentials is a Citrix server so i thought id got it, log the user off the session and done but no, the user had no session on the server and no processes/services running under their name. i checked the event viewer for the entry and found that the process that's causing the issue is "Winlogon.exe" yet there is no processes running for the user.
"
A logon was attempted using explicit credentials.
Subject:
Security ID:SYSTEM
Account Name:CTXSERVER
Account Domain:XXXX
Logon ID:0x3e7
Logon GUID:{00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name:UserA
Account Domain:XXXX
Logon GUID:{XXXXXXXXXXXXXXXXXXXXX}
Target Server:
Target Server Name:localhost
Additional Information:localhost
Process Information:
Process ID:0x3a548
Process Name:C:\Windows\System32\winlogon.exe
Network Information:
Network Address:127.0.0.1
Port:65409
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
"
Any Ideas?
I have a user that keeps getting locked out every couple of hours i have looked at what DC server the account is getting locked out on and checked the event veiwer it told me the Server that is sending the wrong credentials, the server that is sending the wrong credentials is a Citrix server so i thought id got it, log the user off the session and done but no, the user had no session on the server and no processes/services running under their name. i checked the event viewer for the entry and found that the process that's causing the issue is "Winlogon.exe" yet there is no processes running for the user.
"
A logon was attempted using explicit credentials.
Subject:
Security ID:SYSTEM
Account Name:CTXSERVER
Account Domain:XXXX
Logon ID:0x3e7
Logon GUID:{00000000-0000-0000-0000-000000000000}
Account Whose Credentials Were Used:
Account Name:UserA
Account Domain:XXXX
Logon GUID:{XXXXXXXXXXXXXXXXXXXXX}
Target Server:
Target Server Name:localhost
Additional Information:localhost
Process Information:
Process ID:0x3a548
Process Name:C:\Windows\System32\winlogon.exe
Network Information:
Network Address:127.0.0.1
Port:65409
This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
"
Any Ideas?