Resolved Attempted Downgrade Attack

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hope someone can help me with this little problem:

The Security System detected an attempted downgrade
attack for server xxxxxxx. The failure code from
authentication protocol Kerberos was "The user account
has been automatically locked because too many invalid
logon attempts or password change attempts have been
requested.

The account will be locked out until i reset his password.
Nothing in event viewer that can pin point the possible
cause of this. The last thing i want is to wipe the HDD
and resinstall.

At first i thought it was a virus, but our virrus/malware
scanner comes up empty.
I'm thinking a service might be causing this problem
but if anyone has a suggestions will be much appreciated!

Dave

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Service account password been changed recently and not all machines updated with the new password?
You should be able to tell by the account name whether it's a service account or not (assuming you know all your service accounts).

It could also be an existing terminal session thats logged in but disconnected, or even a share using those credentials.

 

Thanks, we finally solved the problem. There were 2 services running that was attempting to authenticate with the server which triggered the lock out of the account.

Dave