http://www.microsoft.com/technet/Security/bestprac/bpent/sec3/monito.msp x 672 - Authentication Ticket Granted It is connected to DC, Kerberos and DNS config. So check your DC's config and check clients for DNS settings. If you cannot solve the problem, you could increase the number of failed logon attempts before the account is locked down. Or remove it, as the guys from MS security team say it is just a nice tool for DoS attack, not a real security related measure. ---------------------------------- Zoran ________________________________ From: Praveen Ramaswamy [mailto:ramaswamy_praveen@xxxxxxxxx] Sent: Friday, March 17, 2006 1:06 PM To: [ExchangeList] Subject: [exchangelist] event 672 http://www.MSExchange.org/ Hi, Any idea about this event? Source: Security Type: Failure Audit Event id 672 Category Account logon Authentication Ticket Request: User Name: Chan.ban Supplied Realm Name: dsltech User ID: - Service Name: krbtgt/dsltech Service ID: - Ticket Options: 0x40810010 Result Code: 0x12 Ticket Encryption Type: - Pre-Authentication Type: - Client Address: 10.10.10.125 (this is my front end IP) Certificate Issuer Name: Certificate Serial Number: Certificate Thumbprint: For more information, see Help and Support Center at I check on the web site, but no where I can find failure events with respect to event id 672. Some users account is getting locked when tried to logon for the first time in the morning even when tried to logon with correct password. Account lock policy is set to 3 times, but account gets locked even on the first try itself. When I checked on the server for events I found around 12 events like this. I use windows 2003 sp1 and exchange 2003 sp1 Regards Praveen R ________________________________ Yahoo! Mail Bring photos to life! New PhotoMail <http://pa.yahoo.com/*http:/us.rd.yahoo.com/evt=39174/*http:/photomail.m ail.yahoo.com> makes sharing a breeze. ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp ------------------------------------------------------ Visit TechGenix.com for more information about our other sites: http://www.techgenix.com ------------------------------------------------------ You are currently subscribed to this MSExchange.org Discussion List as: zoran.marjanovic@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to info@xxxxxxxxxxxxxx