Ask Your Question

Revision history [back]

Tracing network authentication requests causing Account lockouts

I changed a password on a privileged account. We have 3rd party software that scans domain computers looking for Scheduled Tasks, Services, App Pools using said account and can change them automatically. This account now locks out every 5 to 10 minutes. I've done this successfully 3 times prior.

Various trouble shooting routes have pointed to 2 domain controllers in different regional offices.

I'd like to trace authentication requests from the network to this server. NTLM encrypts everything, is it possible to decrypt this to see the requesting username?