Results 1 to 9 of 9

Thread: Account constantly locked out

  1. #1
    tke402 Guest

    Account constantly locked out

    I adjusted my account lockout policy to lock a user account after 5 invlaid
    attempts. Since that change yesterday, I have had to reset my account 3
    times. I have logged in without making a mistake on my password. I'm thinking
    there is a scheduled task somewhere using my credentials or there is someone
    trying to guess my password. Is there a utility or an LDAP command that will
    show where my user account is being used to log into the network? What other
    ways can I use to track this down?

  2. #2
    Danny Sanders Guest
    I would start by checking the services running on your computer for a
    service running under your account, and change that password.

    Also, if you are logged on anywhere with an old password, that will
    cause the same problem.

  3. #3
    Paul Bergson [MVP-DS] Guest

    Re: Account constantly locked out

    Is the account logged into more than one machine or is it running a service
    on the same machine? A user could have mapped drives to a resource from one
    machine, on a different machine he changes his password and then the first
    machine attempts to stay mapped to a drive and the password is no longer
    correct and eventually locks the user out. Or after a password is changed a
    service is running that attempts to authenticate with an old password.

    To help try and track down where the account is getting locked out use
    eventcomboMT.exe from the Account Lockout tools found out Microsoft's
    website. Use the built in search AccountLockouts and search in the created
    text files for the user in question.

    http://www.microsoft.com/downloads/d...9-b999adde0b9e

  4. #4
    Prith Guest

    Re: Account constantly locked out

    Also, please enable netlogon logging on all the domain controllers starting
    with the PDC.

    http://support.microsoft.com/kb/109626/

    After enabling the log and when the account gets locked out, please parse
    the logs for the 6A (bad password events) and check from which computer they
    are coming.

  5. #5
    Paul Bergson [MVP-DS] Guest

    Re: Account constantly locked out

    I haven't had the need to do this, if the eventcombo is used. Not saying
    that he won't need it but I would suggest he try the eventcombo for
    starters.

  6. #6
    Join Date
    Jul 2009
    Posts
    1

    Re: Account constantly locked out

    Yes, eventcomb built-in search is very helpful, in these cases, but if that
    does not help this is a little advanced to go deeper, shows all the NTLM
    based lockouts.

    I normally do both at the same time to gather all the relevant data at the
    same time.

    Please try eventcomb first.

  7. #7
    Join Date
    Feb 2010
    Posts
    3

    Re: Account constantly locked out

    The Netwrix account lockout examiner can prob help. It examines all schedules tasks and show where account is used and locked

  8. #8
    Stevemorris Guest

    Re: Account constantly locked out

    Bobby is right, netwrix account lockout examiner will tell you why you are getting locked out.

  9. #9
    Join Date
    Dec 2011
    Posts
    1

    Re: Account constantly locked out

    I was having a problem similar to this. I am not saying this is the fix for you but here is what I had.

    User account would lock out after 5-10 minutes. At first I suspected machine and services. No services were using the user account to start. Then I thought running processes on startup. Then I noticed the user would lock without even being logged into the machine. Ok easy has to be replication problem. No repl problems were found and could unlock on one domain controller and would instantly unlock on all others.

    Then I noticed the end user typing on their older Andriod phone.... hmm. Are you using that to get your corporate Email? "Yes but it hasn't worked in a while". Ever since you changed your password? "Yes right around there".

    Delete corporate email from phone. Waited half an hour and account didn't lock. Log into the exchange server for that account and review security logs yep there it was plain as day a bunch of failed OWA logins.

    I feel stupid for not looking on the exchange server first but at least I found it. Maybe this will give you another spot to look.

    Regards
    J

Similar Threads

  1. User account being locked out
    By Robbin M in forum Active Directory
    Replies: 1
    Last Post: 28-04-2011, 08:28 PM
  2. Event id 672, 675, 680 - Account getting locked out
    By Rising in forum Windows Security
    Replies: 3
    Last Post: 26-04-2009, 04:45 AM
  3. Account is locked out...
    By antogod in forum Operating Systems
    Replies: 4
    Last Post: 02-02-2009, 04:15 PM
  4. Exclude Admin account from Account Locked out policy
    By Manik in forum Active Directory
    Replies: 3
    Last Post: 18-12-2008, 01:07 AM
  5. Administrator Account Locked Out
    By Nadeem in forum Windows Security
    Replies: 2
    Last Post: 24-04-2008, 04:30 PM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,710,821,691.53171 seconds with 16 queries