No announcement yet.

Accounts with disconnected sessions are locking out.

  • Filter
  • Time
  • Show
Clear All
new posts

  • Accounts with disconnected sessions are locking out.

    We seem to have a pattern here at work where if a user changes their domain password and they have a disconnected session on one or more servers, their accounts will start to intermittently lock out. A new Sys Eng has started and he is saying that this is not normal and accounts should not be locking out even with disconnected RDP sessions.

    So my question is, is the new guy correct and if so, where do I start looking for the reason for the account lockouts?

    +-- JDMils
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades

  • #2
    Account lockout happens when repeated authentication requests are being made with the wrong password. A disconnected RDP session should not generate any logon requests at all, unless of course there's an application running in that session that keeps trying to log on, like, say, an e-mail client..

    What does the security log on the domain controller(s) say? There should be a number of authentication failure events related to the affected account(s), and in addition to the username, the log entry should contain the name and the IP address of the client trying to authenticate.