Hi, I have a customer running v4.2 patch2 on a pair of 620Bs. They have a web filtering identity-based policy which uses LDAP authentication. The requirement is for users to only need to explicitly authenticate once each day, so the Authentication Timeout has been set to 480 minutes. This seems to be working as expected and users are only asked to authenticate once; however, we have just noticed an issue. Users are reporting that their AD accounts are being locked out at least once per day; an example of the DC events relating to this is shown below:
Event Type: Failure Audit
Event Source: Microsoft-Windows-Security-Auditing
Event Category: (14336)
Event ID: 4776
Date: 04/11/2010
Time: 13:42:59
User: N/A
Computer: xxxxxxxx01S.xxxx.xx.xxxxxx.xxxx.xx
Description:
The domain controller attempted to validate the credentials for an account.
Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account: BLOGGSJ
Source Workstation: xxxxxxxx01S
Error Code: 0xc000006a

Event Type: Failure Audit
Event Source: Microsoft-Windows-Security-Auditing
Event Category: (12544)
Event ID: 4625
Date: 04/11/2010
Time: 13:42:59
User: N/A
Computer: xxxxxxxx01S.xxxx.xx.xxxxxx.xxxx.xx
Description:
An account failed to log on.
Subject:
    Security ID: S-1-5-18
    Account Name: xxxxxxxx01S$
    Account Domain: xxxx
    Logon ID: 0x3e7
Logon Type: 3
Account For Which Logon Failed:
    Security ID: S-1-0-0
    Account Name: BLOGGSJ
    Account Domain: xxxx
Failure Information:
    Failure Reason: %%2313
    Status: 0xc000006d
    Sub Status: 0xc000006a
Process Information:
    Caller Process ID: 0x260
    Caller Process Name: C:\Windows\System32\lsass.exe
Network Information:
    Workstation Name: xxxxxxxx01S
    Source Network Address: xx.xx.1.51
    Source Port: 17635
Detailed Authentication Information:
    Logon Process: Advapi
    Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0
The xx.xx.1.51 address is the IP of the Fortigate, whilst xxxxxxxx01S is the name of the workstation.
I have checked out the error codes and they translate to "correct username, wrong password". I guess that AD is validating the user credentials on a periodic basis but the Fortigate is not replying with the correct information.
Does anyone have any ideas what may be going on and how to resolve it?
Many thanks.
Darren
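An added example, not part of Darren's post: a small Python script that parses 4625 events in the layout quoted above, groups wrong-password (0xc000006a) failures by account and source address, and measures the gap between repeats, so a defender can confirm from the DC's security log whether every lockout-causing failure comes from the firewall's IP and whether it recurs on the 480-minute authentication-timeout cadence. The sample events, the dd/mm/yyyy date format and the function names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the "Key: Value" layout of the 4625 events quoted in the post,
# one blank-line separated block per event; 0xc000006a is STATUS_WRONG_PASSWORD.
SAMPLE_EVENTS = """\
Event ID: 4625
Date: 04/11/2010
Time: 13:42:59
Account Name: xxxxxxxx01S$
Account Name: BLOGGSJ
Sub Status: 0xc000006a
Source Network Address: xx.xx.1.51

Event ID: 4625
Date: 04/11/2010
Time: 21:42:59
Account Name: BLOGGSJ
Sub Status: 0xc000006a
Source Network Address: xx.xx.1.51
"""
BAD_PASSWORD = "0xc000006a"


def parse_events(text):
    # One dict per block; a repeated key keeps its last value, so for a 4625 the
    # surviving "Account Name" is the account that failed, not the subject (xx01S$).
    events = []
    for block in text.strip().split("\n\n"):
        ev = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                ev[key.strip()] = value.strip()
        events.append(ev)
    return events


def bad_password_failures(text):
    # Group 4625 wrong-password failures by (account, source IP); dates assumed dd/mm/yyyy.
    groups = defaultdict(list)
    for ev in parse_events(text):
        if ev.get("Event ID") != "4625" or ev.get("Sub Status", "").lower() != BAD_PASSWORD:
            continue
        when = datetime.strptime(ev["Date"] + " " + ev["Time"], "%d/%m/%Y %H:%M:%S")
        groups[(ev["Account Name"], ev.get("Source Network Address", "-"))].append(when)
    return {key: sorted(times) for key, times in groups.items()}


def repeat_interval_minutes(timestamps):
    # Gaps between consecutive failures; a steady gap equal to the firewall's auth
    # timeout (480 min in the post) points at a cached credential being re-tried.
    return [round((b - a).total_seconds() / 60) for a, b in zip(timestamps, timestamps[1:])]
```

Run it over an export of the DC's security log in the same layout; if the only source for the account's 0xc000006a failures is the firewall's address and the gap matches the Authentication Timeout, the lockouts are coming from the firewall's re-authentication rather than from the user's workstation.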