Announcement

Collapse
No announcement yet.

Account Lockouts with Outlook Anywhere

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Account Lockouts with Outlook Anywhere

    This is driving me crazy!

    Environment:
    Exchange 2007 Ent SP1 on Windows 2008 Ent SP1
    Client is Outlook 2007 SP2 on Windows XP SP3
    Outlook Anywhere configured and working with commercial SAN certificate. Using Basic Authentication but I have NTLM as an option

    Issue:
    Most users have no issues at all and connect fine from internal and external locations.
    One particular user regularly gets the username/password prompt coming up when connecting from outside the corporate LAN and not accepting their credentials (both domain\username and [email protected]) Account gets locked out and I get hell

    Nothing obvious in event logs on client or DCs
    Mail server log shows batch of 8 AuditFail (Event 4625) at time of problem

    Only other (possibly) relevant information:
    User is only iPhone user in organisation
    User has "Password Never Expires" enabled at user account, domain policy is Max Length 60days

    Actions:
    Googled using obvious searches and cannot find anything directly relevant -- known issue with ISA but I'm not using it
    Checked at testexchangeconnectivity.com and all seems to be well
    Checked machine for cached credentials -- nothing visible
    Given user a new profile -- problem remains
    Rebuilt laptop (Sony Vaio) -- problem remains (note I installed most of the Sony applications so it is possible one of them may be the source)
    Considered sacrificing a virgin on the laptop, but that appears to be in breach of HR policies (plus lack of suitable candidates)

    Any bright ideas on where to start on this one?
    Last edited by Ossian; 5th June 2009, 19:03.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

  • #2
    Re: Account Lockouts with Outlook Anywhere

    Are they only getting locked out when using their Iphone? If so, then I would get them to just outlook for a few days to see if it happens again. If there using Outlook when it happens then try a different PC / Laptop to see if the PC / Laptop is causing the issue. Should be able to narrow it down to the client or the users account

    Michael
    Michael Armstrong
    www.m80arm.co.uk
    MCITP: EA, MCTS, MCSE 2003, MCSA 2003: Messaging, CCA, VCP 3.5, 4, 5, VCAP5-DCD, VCAP5-DCA, ITIL, MCP, PGP Certified Technician

    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    Comment


    • #3
      Re: Account Lockouts with Outlook Anywhere

      No, its not particularly related to the use of the iPhone (as far as I can see)

      And unfortunately replacing the laptop is not an option (very senior user )
      Tom Jones
      MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
      PhD, MSc, FIAP, MIITT
      IT Trainer / Consultant
      Ossian Ltd
      Scotland

      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Account Lockouts with Outlook Anywhere

        Is there any 3rd party outlook addin? if so, remove it and test the behaviour of it..
        ________
        RSV MILLE
        Last edited by Dks; 13th March 2011, 00:12.
        Rgds,

        Dks
        MCP E2K3 & MCITP E2K7
        MCITP Enterprise Win2k8

        Comment


        • #5
          Re: Account Lockouts with Outlook Anywhere

          No addins -- vanilla installation of Office 2007 Pro
          Tom Jones
          MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
          PhD, MSc, FIAP, MIITT
          IT Trainer / Consultant
          Ossian Ltd
          Scotland

          ** Remember to give credit where credit is due and leave reputation points where appropriate **

          Comment


          • #6
            Re: Account Lockouts with Outlook Anywhere

            Try setting up their profile on another external PC, see what happens. That way you can at least eliminate some odd server profile snafu.
            ** Remember to give credit where credit is due and leave reputation points where appropriate **

            Comment


            • #7
              Re: Account Lockouts with Outlook Anywhere

              How may NIC cards is enabled on the laptop when users tries to connect externally?

              What happens if the same user is connected to LAN and configured for Outlook Anywhere?

              And also i would suggest you to try on the different workstation? This is to isolate the issue i.e. issue with computer or something else

              At last, Do you see any Kerberos error on the affected client workstation?
              ________
              VAPOR GENIE REVIEW
              Last edited by Dks; 13th March 2011, 00:14.
              Rgds,

              Dks
              MCP E2K3 & MCITP E2K7
              MCITP Enterprise Win2k8

              Comment


              • #8
                Re: Account Lockouts with Outlook Anywhere

                Thanks, guys!
                The laptop is out of the country for the next 2 weeks, so can't do anything.
                I've noticed a couple of other users getting locked out via Outlook Anywhere, so a lot of event logging to see what comes up
                Tom Jones
                MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
                PhD, MSc, FIAP, MIITT
                IT Trainer / Consultant
                Ossian Ltd
                Scotland

                ** Remember to give credit where credit is due and leave reputation points where appropriate **

                Comment

                Working...
                X