5

After a password change on my account, I keep getting locked out by exchange with this error on our domain controller:

Pre-authentication failed:
User Name:  william
User ID:        [domain]\william
Service Name:   krbtgt/[domain]
Pre-Authentication Type:    0x2
Failure Code:   0x18
Client Address: [exchange IP]

I've already looked into:

  • My cellphone, updated the account, and even removed the account.
  • Services/tasks on the server running as me (there are none).
  • SMTP traffic to the mail server (there is none during this).
  • Any requests to the server (using wireshark, the kerberos request just comes out of nowhere every 60 seconds).
  • Disabled pre-auth on the account.
  • Rolled back my password to the old password.
  • Disconnecting my mailbox.

Any ideas? I'm looking to schedule a reboot tonight, but this is rough, I can't get anything done.

StrangeWill
  • 541
  • 5
  • 16
  • Other software or services on the Exchange server that would use your account? Still logged in to an old RDP session? – TheCleaner Apr 30 '13 at 18:00
  • Logged out of all RDP sessions, verified from 2nd account. No software or services running as my account. – StrangeWill Apr 30 '13 at 18:02
  • In your Exchange mailbox, any additional mobile devices? Maybe an iPad or similar? If not, that's all I can think of. – TheCleaner Apr 30 '13 at 18:14
  • Removed all devices from my Exchange mailbox just to be sure (had my old phone on there too). – StrangeWill Apr 30 '13 at 18:23
  • If it really bugs you that much, create a GPO to override the default Account Lockout Policy settings. You can use the `badPasswordTime` attribute on your user account to see whether the issue persists while you troubleshoot – Mathias R. Jessen Apr 30 '13 at 21:14
  • Look at your desktop (assume Windows 7) | Control Panel | Windows Card Space. Do you have anything cached ? if so remove it. – knothead Apr 30 '13 at 17:34
  • Nope, don't have any cards to cache. – StrangeWill Apr 30 '13 at 17:36

1 Answers1

1

Turned out to be AppAssure, it doesn't throw any errors when auth fails, and it doesn't log anything when it can't mount the exchange datastore, so looking through services/event logs/tasks/AppAssure console didn't show anything.

StrangeWill
  • 541
  • 5
  • 16
  • 1
    Backup Software should definitely not be running as your user account, nor any user's account. It should have it's own service account (if it can't run as the local system). – Chris S May 01 '13 at 13:52
  • It wasn't running as, which made it harder to hunt down, it was credentials internally it used for mounting and checking the exchange datastore, which I believe needs exchange management roles. – StrangeWill May 01 '13 at 20:58