Ian Wadycki
Hello everyone, I really hope someone can give me ideas on this one.
I have inherited a Windows 2000 Domain consisting of 4 Servers acting
as Domain Controllers (a PDC and 3 backups). A problem that has been
happening for as long as I can remember, deals with any Software that
requires the use of a Domain Service account.
The symptoms, as best as I can describe them, revolve around the
affected application, no longer performing its designated function.
The accompanying monitor for the software, reports everything is OK,
and there's nothing unusual in the event logs, it just stops working.
My next step is to go into the MMC and take a look at the services
associated with the software. Sure enough, its status is "Started."
The only way I can prove that there is a problem, (other than the fact
that the software isn't working) is to attempt to "Restart" the
service. After attempting to restart, it returns an error, to the
effect of "Could not start due to log on failure."
OK I know what you are thinking, but here is the weird part. All I
have to do, is go to that service's "Log on" Tab, and retype the
existing password. I don't reset the account, I don't "unlock it." I
just simply retype the same password that I typed in since the last
time the problem happened, and voilà, the service starts.
I have ruled out a problem with the application as it occurs with ANY
software that uses a service account. Just to name a few we
experienced the problem with though: SMS, Cisco Unity, Brightmail,
Veritas NetBackup and BlackBerry Enterprise Server.
If I didn't know any better, it seems like the services stop
submitting the password after a period of time. Each service that uses
a domain service account, experiences this at least once a month,
sometimes twice.
Now the administrator before me was a bit of a security nut. Are there
any settings that might be defined in the security policy that would
cause this type of problem?
ANY guidance would be appreciated.
Thanks in advance,
Ian