Results 1 to 6 of 6

Thread: Event ID 1083 & 1955 and account locks

  1. #1
    jmp13 Guest

    Event ID 1083 & 1955 and account locks

    Experiencing user accounts getting locked out for no reason. The default
    domain policy has no restrictions. Trying to troubleshoot the problem so it
    was turned off. It used to be set to 3 for the account lockout policy for bad
    login attempts. In the middle of a domain migration from NT4 to 2003 with
    Exchange 5.5 to 2003 migration. This issue just started a few weeks ago. My
    question is could the the 1083 event ids in the DS log be related to the
    account lockout issue. Any other suggestions in trying to find out why
    accounts lockout?

  2. #2
    Hayman Ezzeldin Guest

    Re: Event ID 1083 & 1955 and account locks

    Dear Jmp13,
    These usernames that get locked out are assigned to users or services?

    "jmp13" <jmp13@discussions.microsoft.com> wrote in message
    news:560D21DB-CE25-43A8-8AC9-593236D9C1FE@microsoft.com...
    > Experiencing user accounts getting locked out for no reason. The default
    > domain policy has no restrictions. Trying to troubleshoot the problem so
    > it
    > was turned off. It used to be set to 3 for the account lockout policy for
    > bad
    > login attempts. In the middle of a domain migration from NT4 to 2003 with
    > Exchange 5.5 to 2003 migration. This issue just started a few weeks ago.
    > My
    > question is could the the 1083 event ids in the DS log be related to the
    > account lockout issue. Any other suggestions in trying to find out why
    > accounts lockout?




  3. #3
    Hayman Ezzeldin Guest

    Re: Event ID 1083 & 1955 and account locks

    Dear Jmp13
    Another few things to try
    1- Firstly, ensure that the DNS zone for your domain allows Dynamic Updates
    (secure only) and make it AD-Integrated if it isn't already.
    2- You should also ensure that your GC is online and operating and that all
    clients are pointing to right DCs for DNS (in their TCP/ IP settings).
    3- After doing this install "Support Tools" from the Windows 2003 CD.
    4- Run REPLMON, check replication and force replication.
    5- If replication is successful, run DCDIAG /V /C and NETDIAG /V and look to
    see if there are any errors and/ or failures

    Best regards

    "jmp13" <jmp13@discussions.microsoft.com> wrote in message
    news:560D21DB-CE25-43A8-8AC9-593236D9C1FE@microsoft.com...
    > Experiencing user accounts getting locked out for no reason. The default
    > domain policy has no restrictions. Trying to troubleshoot the problem so
    > it
    > was turned off. It used to be set to 3 for the account lockout policy for
    > bad
    > login attempts. In the middle of a domain migration from NT4 to 2003 with
    > Exchange 5.5 to 2003 migration. This issue just started a few weeks ago.
    > My
    > question is could the the 1083 event ids in the DS log be related to the
    > account lockout issue. Any other suggestions in trying to find out why
    > accounts lockout?




  4. #4
    jmp13 Guest

    Re: Event ID 1083 & 1955 and account locks

    Did most of that - everything is fine. DNS is pointing to the NT world. I
    will go test that out.

    These are user accounts that have been migrated from NT.

    "Hayman Ezzeldin" wrote:

    > Dear Jmp13
    > Another few things to try
    > 1- Firstly, ensure that the DNS zone for your domain allows Dynamic Updates
    > (secure only) and make it AD-Integrated if it isn't already.
    > 2- You should also ensure that your GC is online and operating and that all
    > clients are pointing to right DCs for DNS (in their TCP/ IP settings).
    > 3- After doing this install "Support Tools" from the Windows 2003 CD.
    > 4- Run REPLMON, check replication and force replication.
    > 5- If replication is successful, run DCDIAG /V /C and NETDIAG /V and look to
    > see if there are any errors and/ or failures
    >
    > Best regards
    >
    > "jmp13" <jmp13@discussions.microsoft.com> wrote in message
    > news:560D21DB-CE25-43A8-8AC9-593236D9C1FE@microsoft.com...
    > > Experiencing user accounts getting locked out for no reason. The default
    > > domain policy has no restrictions. Trying to troubleshoot the problem so
    > > it
    > > was turned off. It used to be set to 3 for the account lockout policy for
    > > bad
    > > login attempts. In the middle of a domain migration from NT4 to 2003 with
    > > Exchange 5.5 to 2003 migration. This issue just started a few weeks ago.
    > > My
    > > question is could the the 1083 event ids in the DS log be related to the
    > > account lockout issue. Any other suggestions in trying to find out why
    > > accounts lockout?

    >
    >
    >


  5. #5
    jmp13 Guest

    Re: Event ID 1083 & 1955 and account locks

    Changing the clients DNS did not work. Any other suggestions? It is only
    happening to a few of the accounts that have been migrated.

    "jmp13" wrote:

    > Did most of that - everything is fine. DNS is pointing to the NT world. I
    > will go test that out.
    >
    > These are user accounts that have been migrated from NT.
    >
    > "Hayman Ezzeldin" wrote:
    >
    > > Dear Jmp13
    > > Another few things to try
    > > 1- Firstly, ensure that the DNS zone for your domain allows Dynamic Updates
    > > (secure only) and make it AD-Integrated if it isn't already.
    > > 2- You should also ensure that your GC is online and operating and that all
    > > clients are pointing to right DCs for DNS (in their TCP/ IP settings).
    > > 3- After doing this install "Support Tools" from the Windows 2003 CD.
    > > 4- Run REPLMON, check replication and force replication.
    > > 5- If replication is successful, run DCDIAG /V /C and NETDIAG /V and look to
    > > see if there are any errors and/ or failures
    > >
    > > Best regards
    > >
    > > "jmp13" <jmp13@discussions.microsoft.com> wrote in message
    > > news:560D21DB-CE25-43A8-8AC9-593236D9C1FE@microsoft.com...
    > > > Experiencing user accounts getting locked out for no reason. The default
    > > > domain policy has no restrictions. Trying to troubleshoot the problem so
    > > > it
    > > > was turned off. It used to be set to 3 for the account lockout policy for
    > > > bad
    > > > login attempts. In the middle of a domain migration from NT4 to 2003 with
    > > > Exchange 5.5 to 2003 migration. This issue just started a few weeks ago.
    > > > My
    > > > question is could the the 1083 event ids in the DS log be related to the
    > > > account lockout issue. Any other suggestions in trying to find out why
    > > > accounts lockout?

    > >
    > >
    > >


  6. #6
    Harj Guest

    Re: Event ID 1083 & 1955 and account locks

    On Apr 16, 9:42 am, jmp13 <j...@discussions.microsoft.com> wrote:
    > Changing the clients DNS did not work. Any other suggestions? It is only
    > happening to a few of the accounts that have been migrated.
    >
    >
    >
    > "jmp13" wrote:
    > > Did most of that - everything is fine. DNS is pointing to the NT world. I
    > > will go test that out.

    >
    > > These are user accounts that have been migrated from NT.

    >
    > > "Hayman Ezzeldin" wrote:

    >
    > > > Dear Jmp13
    > > > Another few things to try
    > > > 1- Firstly, ensure that the DNS zone for your domain allows Dynamic Updates
    > > > (secure only) and make it AD-Integrated if it isn't already.
    > > > 2- You should also ensure that your GC is online and operating and that all
    > > > clients are pointing to right DCs for DNS (in their TCP/ IP settings).
    > > > 3- After doing this install "Support Tools" from the Windows 2003 CD.
    > > > 4- Run REPLMON, check replication and force replication.
    > > > 5- If replication is successful, run DCDIAG /V /C and NETDIAG /V and look to
    > > > see if there are any errors and/ or failures

    >
    > > > Best regards

    >
    > > > "jmp13" <j...@discussions.microsoft.com> wrote in message
    > > >news:560D21DB-CE25-43A8-8AC9-593236D9C1FE@microsoft.com...
    > > > > Experiencing user accounts getting locked out for no reason. The default
    > > > > domain policy has no restrictions. Trying to troubleshoot the problem so
    > > > > it
    > > > > was turned off. It used to be set to 3 for the account lockout policy for
    > > > > bad
    > > > > login attempts. In the middle of a domain migration from NT4 to 2003 with
    > > > > Exchange 5.5 to 2003 migration. This issue just started a few weeks ago.
    > > > > My
    > > > > question is could the the 1083 event ids in the DS log be related to the
    > > > > account lockout issue. Any other suggestions in trying to find out why
    > > > > accounts lockout?- Hide quoted text -

    >
    > - Show quoted text -



    Hi,

    >> It used to be set to 3 for the account lockout policy for bad

    login attempts.

    Was/is the registry tattooed? When this setting was set, did you just
    disable it or set it to not configured or did you change the value
    from 3 to 0?
    What you can do is set the value to 0 and see if this still causes
    accounts to lockout.
    If this does not resolve it you can utilize the following tools to
    find the root.

    A few reasons accounts get locked out:

    1.Applications using cached credentials that are stale.
    2.Stale service account passwords cached by the Service Control
    Manager.
    3.Stale logon credentials cached by Stored User Names and Passwords in
    Control Panel.
    4.Scheduled tasks and persistent drive mappings that have stale
    credentials.
    5.Disconnected Terminal Service sessions that use stale credentials.
    6.Failure of Active Directory replication between domain controllers.
    7.Users logging into two or more computers at once and changing their
    password on one of them.

    Any one of the above situations can trigger an account lockout
    condition

    Account Lockout and Management Tools
    http://www.microsoft.com/downloads/d...displaylang=en

    Good luck

    Harj Singh
    Power Your Active Directory Investment
    www.specopssoft.com


Similar Threads

  1. Security Failure Audit Account Logon Event ID 675
    By Itsme in forum Active Directory
    Replies: 1
    Last Post: 01-06-2009, 05:53 PM
  2. Replies: 4
    Last Post: 14-05-2009, 02:20 PM
  3. Event id 672, 675, 680 - Account getting locked out
    By Rising in forum Windows Security
    Replies: 3
    Last Post: 26-04-2009, 04:45 AM
  4. Replies: 4
    Last Post: 21-01-2008, 05:03 PM
  5. event ID: 1083 and 1955 ntds replication
    By pain112 in forum Active Directory
    Replies: 8
    Last Post: 16-09-2005, 02:44 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •