Bad logon causes the Bad Logon Count to increase by two.

Bad logon causes the Bad Logon Count to increase by two.

Post by Le » Sat, 12 Apr 2003 23:27:17



I'm calling ADsOpenObject to check a users credentials.  If an incorrect
password is supplied I'm finding the badPwdCount for the user jumps from
0 to 2. If the password is entered incorrectly a second time the value
remains at 2.  A third bad password causes the value to jump from 2 to
4.

I've tried supplying the wrong password to the Windows logon dialog and
the badPwdCount goes from 0 to 1 as expected.

Thanks for any help,

Leo

 
 
 

Bad logon causes the Bad Logon Count to increase by two.

Post by Max L. Vaughn [MSF » Sun, 13 Apr 2003 02:21:26


Here is what's happening:

1 try is for NTLM, 1 try is for Kerberos.  Both fail, increment by 2.

The initial login uses NTLM, 1 fail, increment by 1.

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

 
 
 

Bad logon causes the Bad Logon Count to increase by two.

Post by Quack » Wed, 16 Apr 2003 09:58:16


So there is no way that make the AdsOpenObject to increment the bad
logon count only by 1 as the Windows 2000 logon?


it works as expected (increment by 1).  But with the pre-Windows 2000
name, it does increment by 2.

The Windows 2000 logon does not behave like this.  What's the
difference between the way Windows 2000 logon works and this
AdsOpenObject works?

Thanks


Quote:> Here is what's happening:

> 1 try is for NTLM, 1 try is for Kerberos.  Both fail, increment by 2.

> The initial login uses NTLM, 1 fail, increment by 1.

> Sincerely,
> Max Vaughn [MS]
> Microsoft Developer Support

> Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

 
 
 

Bad logon causes the Bad Logon Count to increase by two.

Post by Max L. Vaughn [MSF » Tue, 10 Jun 2003 23:21:23


Windows 2000K login against the AD, only tries Kerberos, no NTLM.

OpenDsOBject will try NTLM and Kerberos.

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

 
 
 

1. Bad VPN, Bad!

When attempting to use the VPN I have the following problem.   While
using the Dial-up connection, the dial-up connection when it has
connected will look for the domain, then informs me (obviously) the
domain cannot be found.  This prevents the VPN connection from, as far
as I can tell, looking for the domain.  Consequently, though I can
connect to the computers on the network via the IP, the UNC doesn't
work.  I've unbound the appropriate things, but still it refuses to
cooperate.

I've also put a LMHOST file on the client machine.

2. Loading another program in SAS/C?

3. clearing bad logon

4. Encryption on pocketpc

5. Running SMSLS from a logon script gets unrecognized or bad file name trying to execute??

6. User Group - Manchester

7. Logon Failure: unknown username or bad password

8. Wingate and Firewall setup

9. Is this a bad smb.conf: Windows clients state no logon servers available

10. Bad Message causing IMS to fail

11. odpwin9x error caused by bad netapi.dll file?

12. Bad RAW Files -- Cause?

13. second login bad