Hi, I have a Windows 2003 AD domain and samba / winbind unix boxes authenticating with the domain. I changed the account policy on my AD domain to include a 5 attempt invalid attempt lockout. After implementing this change 4 users are having their accounts locking out every hour or so. I checked if any of these users had running processes on the unix box and they did at the time when the change was implemented. I have since killed their orphan processes. However, I still keep getting the following errors on my security log (and the accounts keep locking out): [snip] Pre-authentication failed: User Name: user1 User ID: DOMAIN\user1 Service Name: krbtgt/DOMAIN.COM Pre-Authentication Type: 0x0 Failure Code: 0x12 Client Address: 192.168.246.134 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. [/snip] In the Directory Service logs I see the following entry: [snip] Active Directory could not update the following object with changes received from the domain controller at the following network address because Active Directory was busy processing information. Object: CN=User 1,OU=Testing Services Team,OU=TESTER V,DC=domain,DC=com Network address: e5523049-53f1-4274-858b-c68971599acf._msdcs.domain.com This operation will be tried again later. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. [/snip] The samba daemon runs at 192.168.246.134 with a kerberos setup. Any help would be most appreciated. Thanks and regards, -- Rajat Swarup www.rajatswarup.com