account locked out
Hi all,
Why would a user on the network be prompted a number of times throughout the day for their credentials. The account also becomes locked out and needs unlocking.
Thanks
June 27th, 2012 4:14am
Hello,
if the account is used in scripts, scheduled tasks etc. and the password is changed this may happen.
Also the Conficker Virus result in account lockouts
http://support.microsoft.com/kb/962007/en-us
For account lockout use the troubleshooting tools
http://www.microsoft.com/en-us/download/details.aspx?id=18465
http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx
http://support.microsoft.com/kb/109626 http://blogs.dirteam.com/blogs/paulbergson/archive/2012/04/23/user-account-lockout-troubleshooting.aspxBest regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My Blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Free Windows Admin Tool Kit Click here and download it now
June 27th, 2012 4:18am
Hi,
Since the account lockout issue could be caused by many factors, such as Programs, Service accounts, Low bad password threshold AD replication and Redundant credentials. At this time, in order
to narrow down the cause of the account lockout issue. I suggest we try to enable Auditing policy, Netlogon Logging and Kerberos Logging to capture the information about the accounts that are being locked out.
Enable Auditing at the Domain Level
To view the Auditing policy settings, in the Group Policy MMC, double-click
Computer Configuration, double-click Windows Settings, double-click
Security Settings, double-click Local Policies, and then double-click
Audit Policy. Enable auditing for the event types listed in the previous section.
Enable Kerberos event logging on a computer
Click Start, click
Run, type regedit, and then press ENTER.Add the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters registry value to the registry key:
Registry value: LogLevelValue type: REG_DWORDValue data: 0x1
If the
Parameters registry key does not exist, create it.
Close Registry Editor and restart the computer.
Regarding enabling Netlogon logging, we could refer to the article Meinolf provided.
For details about troubleshooting account lockout issue, please refer to the articles below.
Troubleshooting Account Lockout
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10)
Maintaining and Monitoring Account Lockout
http://technet.microsoft.com/en-us/library/cc776964.aspx
Regards,
Andy
June 28th, 2012 12:27am
I have a user that locks them selves out about once every 3 days at my work. The way I found it was her was that I logged into the Domain Controller and checked the Event Viewer. Made a Custom XML filter to show only ones wither her username in and done
it was all of the different types of events, not just security... This brought back a goood 150 from the past few days but I found there were a lot of invalid credential logs.Most having a 2-10 second break between which is enough to retype the password.
Also used "Services" and checked through some of the non-default ones to make sure there wasnt anything dodgy going on there.
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2012 9:33pm