We are running two DCs and have a user account that continues to get locked out of their primary system. Netlogon debug shows the following 0723 2247. Harden Windows 10 A Security Guide gives detailed instructions on how to secure Windows 10 machines and prevent it from being compromised. We will harden the system. Kilauea Mount Etna Mount Yasur Mount Nyiragongo and Nyamuragira Piton de la Fournaise Erta Ale. I think it has something to do with our Intranet site. We run IIS6 on Server 2003 and have Digest and Windows Authentication onlly enabled. When I stay off. Finding the source to something that keeps locking a domain user. Today, I had the lovely experience in trying to troubleshoot why a users account was locking out of the domain every 3. Inside of event viewer, I could see the account failing to login, but I had the most generic, useless, log to help track down what was going on. The computer attempted to validate the credentials for an account. Microsoft Authentication Package V1 0 Account Lockout Event' title='Microsoft Authentication Package V1 0 Account Lockout Event' />Authentication Package MICROSOFTAUTHENTICATIONPACKAGEV10. Logon Account username. Source Workstation Error Code 0xc. Micro Sd Repair Software Free Download more. Scrolling through my logs, the only other thing I was was the error code switching from from a 0xc. Even though this is beyond the scope of this document, here are what those codes mean 0xc. An invalid attempt to login has been made by the following user. The user account has been automatically locked because too many invalid logon attempts or password change attempts have been requested. Anyways, after scrolling through event viewer on my domain controllers, trying Lockout. Status. exe, and asking the user to power off their mobile devices, workstations, etc, in a desperate act, the error still peristed. Microsoft Authentication Package V1 0 Account Lockout Event Id' title='Microsoft Authentication Package V1 0 Account Lockout Event Id' />Finally I came across the holy grail of Microsoft articles http support. Solution We had to put the domain controller in verbose logging for the netlogon service to actually find out where the logon attempt was coming from. First, open up command prompt as an administrator and execute the following command nltest dbflag 0x. Once done, execute the following command to turn off the debugging nltest dbflag 0x. This logs every transaction made to the file windirdebugnetlogon. Inside of there, find the logon attempt made by the user and it should list the workstation it came from. Hp Printer 1050 Drivers. In this case, the logon attempt was coming from our NPS server, which then was coming from an old laptop he had logged into and left alone for a few months. HmqrwOLE4Cs/UrnliSgBDvI/AAAAAAAAAH4/4YyZYXmqhpQ/s1600/1.png' alt='Microsoft Authentication Package V1 0 Account Lockout Event' title='Microsoft Authentication Package V1 0 Account Lockout Event' />So, the source workstation is server01isa which I suppose is your ISA server. The used logon account is biswasd. C000006A means that the user logon with.