Mixed 2003/2008 Domain Controllers: Account Compromised
A couple of symptoms you’ll observe is:
- Sys-tray pop-up that you account may be compromised
- Sys-tray pop-up asking you to lock and unlock your computer, and after you complete it, it prompts you again
- Event ID 14: While processing an AS request for target service, the account did not have a suitable key for generating a Kerberos ticket
- Event ID 40960: The Security System detected an authentication error for the server…the failure code from the authentication protocol was “(0x80080341)”.
- Event ID 6: Automatic certificate enrollment for USER failed (0,80072095) A directory service error has occurred.
Of course this issue is not isolated to Blackberry installations but typical out of the box configurations do not have AES selected, so this issue only arises when you’re in a mixed environment and change the setting… and in this case, BES was the case for change.