windows-server-2008-r2 – Windows 2008 R2 gpupdate锁定我的用

我去年建立了一台 Windows 2008 R2服务器,自从我的高级帐户每天锁定10-12次.经过大量的研究和测试后,我发现服务器在每次尝试更新组策略失败时都会锁定我的帐户(大约每90分钟一次).我发现网上没有任何信息表明其他人已经看过这个,我发现自己难以置信.

每次在服务器上记录3个系统事件：

Event ID 14: The password stored in Credential Manager is invalid.
This might be caused by the user changing the password from this
computer or a different computer. To resolve this error,open
Credential Manager in Control Panel,and reenter the password for the
credential contoso\me.

Credential Manager中没有条目.无论我是否登录,无论我是否注销并使用本地管理员帐户删除我的个人资料,都会发生这种情况.

Event ID 40960: The Security System detected an authentication error
for the server cifs/ContosoDC.contoso.com. The failure code from
authentication protocol Kerberos was “The user account has been
automatically locked because too many invalid logon attempts or
password change attempts have been requested. (0xc0000234)”.

–

Event ID 1058:

The processing of Group Policy failed. Windows attempted to read the
file
\contoso.com\SysVol\contoso.com\Policies{78719F0C-3091-4B5C-9BC3-6498F729531E}\gpt.ini
from a domain controller and was not successful. Group Policy settings
may not be applied until this event is resolved. This issue may be
transient and could be caused by one or more of the following: a)
Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain
controller has not replicated to the current domain controller). c)
The Distributed File System (DFS) client has been disabled.

我检查了项目a-c,似乎没有.

我通过检查用户帐户是否未锁定,在服务器上运行gpupdate,然后重新检查立即锁定的用户帐户来彻底测试了这一点.我使用了锁定工具来揭示所有锁定都来自这个特定的服务器.用户帐户没有关联的电子邮件地址,我已经广泛研究了通常的已知锁定问题.

有什么线索吗？我正准备取下这个生产服务器并在AD中重置其计算机对象,但我不知道它会有所帮助.

There are passwords that can be stored in the SYSTEM context that
can’t be seen in the normal Credential Manager view.

Download PsExec.exe from
07001 and copy
it to C:\Windows\System32 .

From a command prompt run: psexec -i -s -d cmd.exe

From the new DOS window run: rundll32 keymgr.dll,KRShowKeyMgr

Remove any items that appear in the list of Stored User Names and
Passwords. Restart the computer.

希望,这将解决您的问题.

（编辑：ASP站长网）