View Active Directory failed logon attempts

active-directory windows-event-log windows-server-2003

I do not see any failed logon attempts in my Windows Server 2003 security event log (I see only successful ones). However, I have a user that is getting locked out very often and I need to try to determine why. Is there a setting that might be hiding the failed login attempts, or a way to view these?

Best Answer

If your auditing policy is set to only log successful events, you will only get successful events. Change your auditing policy to log logon failures as well, then look at these Microsoft tools to help you troubleshoot the lockout issue.
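Once failure auditing is enabled, the failed attempts can be tallied per source machine to find what keeps locking the account. The following is an added example, not part of the original answer: it runs over a constructed CSV export whose four-column layout and host/user names are assumptions, and uses the Windows Server 2003 event IDs 529, 539 and 675 for failures and 644 for the lockout itself.

```python
import csv
import io
from collections import Counter

# Windows Server 2003 security event IDs used in a lockout investigation.
FAILURE_IDS = {
    529: "logon failure: unknown user name or bad password",
    539: "logon failure: account locked out",
    675: "Kerberos pre-authentication failed",
}
LOCKOUT_ID = 644  # user account locked out

# Constructed sample data. Assumed layout: the Security log exported to CSV
# and flattened to four columns; "source" is the workstation or client
# recorded in the event.
SAMPLE_EXPORT = """\
time,event_id,user,source
2010-03-01 08:00:11,528,jsmith,WKS-014
2010-03-01 08:05:02,529,jsmith,SRV-MAIL01
2010-03-01 08:05:32,529,jsmith,SRV-MAIL01
2010-03-01 08:06:02,675,jsmith,SRV-MAIL01
2010-03-01 08:06:03,644,jsmith,SRV-MAIL01
2010-03-01 08:07:40,529,adavis,WKS-020
2010-03-01 08:09:15,529,JSmith,WKS-014
"""


def summarize(export_text, user):
    """Return (failures per source, lockout count, audit_gap) for one account."""
    failures = Counter()
    lockouts = 0
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["user"].lower() != user.lower():  # account names are case-insensitive
            continue
        event_id = int(row["event_id"])
        if event_id in FAILURE_IDS:
            failures[row["source"]] += 1
        elif event_id == LOCKOUT_ID:
            lockouts += 1
    # Lockouts with no failure events at all is the symptom in the question:
    # it suggests failure auditing was not enabled where this log was taken.
    audit_gap = lockouts > 0 and not failures
    return failures, lockouts, audit_gap


if __name__ == "__main__":
    failures, lockouts, audit_gap = summarize(SAMPLE_EXPORT, "jsmith")
    for source, count in failures.most_common():
        print(f"{source}: {count} failed attempts")
    print(f"lockouts: {lockouts}, audit gap: {audit_gap}")
```

The source with the most failures just before each 644 event is the first machine to check for a stale saved password, mapped drive, service or scheduled task.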