IIS user getting locked out

[Blake]

I have created a domain user called 'proxy' with certain permissions on an
AD OU. I have set IIS to run all pages in a certain folder as this user. I
submit the name/password in IIS settings. This works fine.

Somehow, this user is getting locked out. It works great for a time, then I
get the log full of 'invalid name/passwords', and the ID gets locked out.
IIS should not be able to do anything with the password for this account,
since it is not local.

Any ideas?

Blake

 

[Roger Abell]

You need to determine from where the invalid login attempts
originate. As a stop-gag measure, change the name of the
account in AD and as recorded in IIS. If they originate outside
of IIS, as is highly likely, the new account name may be useful
for a while until something discovers the new name.
Try running something like EventCombNT to view all failed
login attempts at the DCs for the account in order to get a
handle on their origin.

 

[Blake]

This is a test environment with only a single DC. The IIS folder is set to
allow only anonymous access, and that folder is then set to run as
passproxy. passproxy is a domain ID with the ability to reset passwords on
a single OU.

I don't think anyone is actually trying to log on as this user. The .asp
page runs fine for a while, then starts getting invalid logon attempts.

I'll try using the account lockout tools and see if I can't get some info.