LSASRV SPNEGO 40960

[Lucian]

Hi all,

Anyone see this error before? The Security System
detected an attempted downgrade attack for server... The
failure code from authentication protocol Kerberos
was "The user account has been automatically locked
because too many invalid logon attempts or password
change attempts have been requested. (0xc0000234)".

A user has been complaining about login problems, but
swears she isn't entering wrong username and passwords.
After a few attempts, she finally logs in.

Thanks in advanced.
Lucian

 

[Steven L Umbach]

The message indicates that an account is being locked out per domain lockout policy.
If this is the only user experiencing the problem then maybe she is entering her info
wrong or maybe her keyboard has a bad key that does not enter the character correctly
which can not be seen when entering a password obviously. See if she has this problem
on another computer or with a different keyboard. Microsoft recommends using and
account lockout threshold of no less then ten which still provides protection against
password attacks if enforcing use of password complexity on the domain. --- Steve