A user is getting locked all the time

  • A user is getting locked all the time

    Hi

    My network is a Win2k8 domain with two DCs.

    I have a VIP user who gets locked out every time. I release it, and it can be locked after 10 minutes.

    How can I log/event-view the user account? I saw on the computer (client), in the Event Viewer, an event that said "....too many logons ....the account was locked..."

    It doesn't look like someone is trying to log on; it looks like a process or ????

    I tried changing the computer to a new one, but same.

    Please assist.

    tulik

  • #2
    Re: A user is getting locked all the time

    Get the client to use a different computer and remove the current one from the network.

    Then you can wait and see if it happens again, and identify it as a person, or a computer problem.
    Please do show your appreciation to those who assist you by leaving Rep Point



    • #3
      Re: A user is getting locked all the time

      Or check out his cellphone
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"


      • #4
        Re: A user is getting locked all the time

        Hi

        Thanks

        I turned his main computer off and told him to log on to another computer;
        same problem.

        BUT YOU wrote something good: last week he bought a NOKIA E71 and he had problems connecting to the Exchange ..........
        This could be it.

        I will check it today (very nice thought).

        10x


        • #5
          Re: A user is getting locked all the time

          Hope it helps. It wouldn't be the first time that a cellphone (or should I say smartphone) would cause such issues.
          Marcel

          • #6
            Re: A user is getting locked all the time

            A virus might be one possible cause...
            You may check your DC security event logs for failed-attempt logs of the VIP user.


            • #7
              Re: A user is getting locked all the time

              If a mail polling smartphone isn't the culprit, you might find out the real reason with MS Account lockout tools.

              -vP


              • #8
                Re: A user is getting locked all the time

                Have you tried to delete his AD presence completely and then re-creating the account from scratch again as if he was a new user?


                • #9
                  Re: A user is getting locked all the time

                  Any recent updates applied?

                  Did you check for any malware or trojans?


                  • #10
                    Re: A user is getting locked all the time

                    Hi,

                    There are two tools of interest that you may use to identify the account lock of the VIP user.

                    The first one is EventCombMT
                    http://support.microsoft.com/kb/824209
                    You need to figure it out manually using the evidence.

                    The second one is Account Lockout Status.
                    This will tell you what is close to exactly causing the issue, but you still need to go through the netlogon.log trace file.

                    The second one is the advanced version. How authentication works: whenever a client sends an authentication, it is forwarded to the PDC emulator for verification, and if it fails it sets badpwdcount and sends to the DC; the DC updates its badpwdcount attribute and sends a message to the client.

                    OK, since you have only 2 DCs, you need to enable netlogon logging in case you are using the second option for this.

                    *****************************************************************************
                    To enable Netlogon logging on computers that are running Windows 2000 Server, at a command prompt, type nltest /dbflag:2080ffff. The log file is created in Systemroot\Debug\Netlogon.log. If the log file is not in that location, stop and restart the Netlogon service on that computer. To do this, at a command prompt, type net stop netlogon & net start netlogon. For more information, see "Enabling Debug Logging for the Netlogon Service" on the Microsoft Knowledge Base (http://support.microsoft.com/?id=109626).
                    If free disk space is low, make sure there is enough space to allow the 40 megabytes (MB) maximum space for the logging. You should also consider the disk space that Netlogon logging uses. When Netlogon.log reaches 20 MB in size, it is renamed to Netlogon.bak and a new Netlogon.log is created with the latest Netlogon data. After that Netlogon.log reaches 20 MB in size, Netlogon.bak is truncated, and the current Netlogon.log file is renamed to Netlogon.bak. Because of this process, the total disk space that is used by Netlogon logging is never more than 40 MB.
                    Note: Performance may be slightly degraded by the logging process. Therefore, you should disable Netlogon logging after you have captured the events that you want in the log file. To disable Netlogon logging, at a command prompt, type nltest /dbflag:0, press ENTER, type net start netlogon and then press ENTER.
                    *****************************************************************************

                    You need to set it up on the PDC and the authentication DC (if in your case both are the same, it should be OK).

                    Wait for the account lock to happen.

                    Make sure you stop the netlogon logging; it should work even though it says it is for Win 2000.

                    Once the account lock has happened, stop the netlogon logging, and either you can read the netlogon.log file or you can upload it and I can read it for you.

                    Please provide the authenticating DC, PDC, user name and the user's machine name, or where he logs on from.

                    Or you can do it yourself:
                    http://www.microsoft.com/downloads/d...DisplayLang=en

                    I hope this will be helpful.
                    Thanks & Regards
                    v-2nas

                    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
                    Sr. Wintel Eng. (Investment Bank)
                    Independent IT Consultant and Architect
                    Blog: http://www.exchadtech.blogspot.com

                    Show your appreciation for my help by giving reputation points
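
Added example, not part of the original post or any poster's code: one way to read the Netlogon.log that post #10 says to collect, tallying failed logons for the locked account by the machine they came from. The entry layout, the function name and every sample value (CORP, vipuser, EXCH01, WKS-042) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS values worth naming when chasing a lockout.
STATUS = {0xC000006A: "wrong password", 0xC0000234: "account locked out",
          0xC0000064: "no such user"}

# Assumed entry layout: "MM/DD HH:MM:SS [LOGON] DOMAIN: SamLogon: <type> logon
# of DOMAIN\user from HOST (via RELAY) Returns 0x..."; some builds add a [pid].
LINE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] (?:\[\d+\] )?\S+ SamLogon: "
    r".+? logon of (?P<account>\S+) from (?P<host>\S*)"
    r"(?: \(via (?P<via>[^)]+)\))? Returns (?P<code>0x[0-9A-Fa-f]+)$")


def failed_logons(log_text, user):
    """Tally failed logons of `user` by source; return (Counter, events)."""
    sources, events = Counter(), []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # "Entered" lines and other subsystems
        code = int(m["code"], 16)
        name = m["account"].rsplit("\\", 1)[-1]
        if code == 0 or name.lower() != user.lower():
            continue
        # Relayed logons (mail sync, web apps) often carry no workstation
        # name; the "via" server is then the only lead.
        source = m["host"] or "(blank) via " + (m["via"] or "?")
        sources[source] += 1
        events.append((m["ts"], source, STATUS.get(code, hex(code))))
    return sources, events


# Constructed sample lines, not taken from a real domain controller.
SAMPLE = r"""
03/14 09:12:01 [LOGON] CORP: SamLogon: Network logon of CORP\vipuser from  (via EXCH01) Entered
03/14 09:12:01 [LOGON] CORP: SamLogon: Network logon of CORP\vipuser from  (via EXCH01) Returns 0xC000006A
03/14 09:13:01 [LOGON] CORP: SamLogon: Network logon of CORP\vipuser from  (via EXCH01) Returns 0xC000006A
03/14 09:13:40 [LOGON] CORP: SamLogon: Interactive logon of CORP\vipuser from WKS-042 Returns 0x0
03/14 09:14:01 [LOGON] CORP: SamLogon: Network logon of CORP\vipuser from  (via EXCH01) Returns 0xC000006A
03/14 09:14:30 [LOGON] CORP: SamLogon: Network logon of CORP\other from WKS-007 (via DC02) Returns 0xC000006A
03/14 09:15:01 [LOGON] CORP: SamLogon: Network logon of CORP\vipuser from  (via EXCH01) Returns 0xC0000234
"""

if __name__ == "__main__":
    for ts, source, why in failed_logons(SAMPLE, "vipuser")[1]:
        print(ts, source, why)
```

A steady run of wrong-password failures relayed through one server, at regular intervals and with no workstation name, points to a device or service replaying a stored password rather than a person typing it.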


                    • #11
                      Re: A user is getting locked all the time

                      Hi

                      Thanks all

                      The problem was his E71 phone, with NOKIA EXCHANGE

                      thx


                      • #12
                        Re: A user is getting locked all the time

                        I knew it
                        Marcel