Domain Accounts are locked out by a machine with blank name
Due to a recent outbreak of the virus Conficker, we registered constant domain account lockouts. Investigating the Eventlog (Event:664, Source:Security), we found multiple events where the attribute Caller Machine name is blank. Normally every event is associated with a specific computer/server, but not in these specific messages. Example:
Severity: Information
Source: Security
Name: Ev644 Account Lock out DC
Description: User Account Locked Out:
Target Account Name: <User>
Target Account ID: %{S-1-5-21-xxxxxxxxxxx-xxxxxxxxx-xxxxxxxxxx-xxxx}
Caller Machine Name:
Caller User Name: <Machine>$
Caller Domain: <DOMAIN>
Caller Logon ID: (0x0,0x3E7)
Domain: <DOMAIN>
Agent: <AGENT>
Time: 1/22/2009 15:34:42
If anyone had some similar experiences, I would be happy to get some root-cause analysis or any recommendation how to resolve this issue.
Thank you very much for your help.
Jorge Arroyave
January 24th, 2009 1:49am
Hi,
The blank name may occur if the event was from the local computer or some system services. It's not critical for troubleshooting. You can log on to several DCs to check more events to narrow down the cause of this issue. You can also check the user's name to narrow down the computer.
You can use the following tools to troubleshoot this issue.
Account Lockout and Management Tools
http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
How to use the EventCombMT utility to search event logs for account lockouts
http://support.microsoft.com/kb/824209
Thanks.
This posting is provided "AS IS" with no warranties, and confers no rights.
January 26th, 2009 12:06pm
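The narrowing-down step suggested in the reply can be scripted once the lockout events from several DCs are exported as text. The following Python script is an added example, not part of either post and not code from the Microsoft tools linked above: it assumes the field layout shown in the question, tallies lockouts per target account, and falls back to Caller User Name when Caller Machine Name is blank. All host and account names in the sample are constructed.

```python
import re
from collections import Counter

# Constructed sample: three exported lockout events in the field layout shown
# in the question (account and host names are made up for this example).
SAMPLE = """\
Description: User Account Locked Out:
Target Account Name: alice
Caller Machine Name:
Caller User Name: DC01$
Description: User Account Locked Out:
Target Account Name: alice
Caller Machine Name: WKS-017
Caller User Name: DC01$
Description: User Account Locked Out:
Target Account Name: bob
Caller Machine Name:
Caller User Name: DC02$
"""

FIELD = re.compile(r"^([A-Za-z ]+?):[ \t]*(.*)$")

def parse_events(text):
    """Split exported text into one dict per 'User Account Locked Out' event."""
    events, cur = [], None
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if not m:
            continue
        key, val = m.group(1).strip(), m.group(2).strip()
        if key == "Description":
            # A new event starts here; ignore events of any other type.
            cur = {} if val.startswith("User Account Locked Out") else None
            if cur is not None:
                events.append(cur)
        elif cur is not None:
            cur[key] = val
    return events

def lockout_sources(events):
    """Count (target, source) pairs; a blank machine name falls back to the caller."""
    counts = Counter()
    for ev in events:
        src = ev.get("Caller Machine Name") or "via " + ev.get("Caller User Name", "?")
        counts[(ev.get("Target Account Name", "?"), src)] += 1
    return counts

if __name__ == "__main__":
    print(lockout_sources(parse_events(SAMPLE)).most_common())
```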