Announcement

Collapse
No announcement yet.

User account gets locked out automatically

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • User account gets locked out automatically

    Hello,

    I have a user in our win2003 domain whose account gets locked out immediately within 5 to 10 minutes. I am fed up unlocking his account all the time and could not find why it's happening. Our domain password policy is to get an account locked out for 30 minutes after 3 wrong password attempts. But this user really knows his password and able to log in by one shot, but after few minutes he gets locked out for no reason ....I changed his password and still the situation is the same

    I wonder some other applications/services are trying this account to authenticate againist AD, if I am able to find and stop it...the problem might get fixed

    Any clues?
    Insaf Muhammed
    System Admin
    -----------------
    Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

  • #2
    Re: User account gets locked out automatically

    Almost certainly cached credentials somewhere that are applying an old password
    Check security logs on DCs (or use the account lockout tools) to identify which computer it is coming from, then deal with it there
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: User account gets locked out automatically

      Originally posted by Insaf View Post
      Hello,

      I have a user in our win2003 domain whose account gets locked out immediately within 5 to 10 minutes.
      Find out if it is caused via her/his computer - or does it sometimes happen also when this particular computer is powered off?


      check for cached credentials, login to the computer using his/her credentials:
      http://forums.petri.com/showpost.php...90&postcount=2
      (some times drive- or printermappings could have done once with provided crededials)

      Check also all scheduled tasks (i.e. used for sofware update checking/installing)


      \Rems

      This posting is provided "AS IS" with no warranties, and confers no rights.

      __________________

      ** Remember to give credit where credit's due **
      and leave Reputation Points for meaningful posts

      Comment


      • #4
        Re: User account gets locked out automatically

        Hello Rems,

        As far as I know no other PCs or users are using this specific users credentials. Good thing you pointed that, this user had a bunch of scheduled tasks which must probably be keeping the old credentials to run them...., I deleted all of the tasks and let me monitor for a day or two...

        Thanks for the tips
        Last edited by Insaf; 24th August 2010, 10:53.
        Insaf Muhammed
        System Admin
        -----------------
        Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

        Comment


        • #5
          Re: User account gets locked out automatically

          Also, check if the user has enabled mail sync on a mobile phone.

          -vP

          Comment


          • #6
            Re: User account gets locked out automatically

            Tried all chances with no use...still that account gets locked every now and then..

            Could not find any tool or command to find out where the login request is coming from..
            Insaf Muhammed
            System Admin
            -----------------
            Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

            Comment


            • #7
              Re: User account gets locked out automatically

              Did you use the tools as per my post #2 above -- they should tell you the exact machine generating the lockout
              Tom Jones
              MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
              PhD, MSc, FIAP, MIITT
              IT Trainer / Consultant
              Ossian Ltd
              Scotland

              ** Remember to give credit where credit is due and leave reputation points where appropriate **

              Comment


              • #8
                Re: User account gets locked out automatically

                You notice changes? at first it was "within 5 to 10 minutes" and now it is "now and then" or is it still the same.


                Included in the "Account Lockout and Management Tools" package is also the ALockout.dll Tool, you can use that if you think the problem is one particular client computer.
                install on the client computer and how to troubleshoot,

                Also use the cmdkey.exe tool (can be found in the windows\system32 folder on a windows server 2003 computer) run it on the client computer.

                It is possible of course the problem is caused by an other device or service.


                \Rems

                This posting is provided "AS IS" with no warranties, and confers no rights.

                __________________

                ** Remember to give credit where credit's due **
                and leave Reputation Points for meaningful posts

                Comment


                • #9
                  Re: User account gets locked out automatically

                  Originally posted by Ossian View Post
                  Did you use the tools as per my post #2 above -- they should tell you the exact machine generating the lockout
                  Sorry Ossian, I downloaded the whole pack and ran the LockoutStatus.exe tool which shows all our domain controllers and the account status...I don't know I could not utilize any of the resources to find from where the request comes from which causes the account lockout...can you give some tips?

                  Thanks.
                  Insaf Muhammed
                  System Admin
                  -----------------
                  Never break four things in life: TRUST, PROMISE, RELATIONS & HEART. Cause when they break they don't make noise but pains a lot

                  Comment


                  • #10
                    Re: User account gets locked out automatically

                    Out of interest does the account get locked out even when the user isn't logged in?

                    Have you tried renaming the user account and then seeing if the user gets locked out? Don't chance anything else except for the account login name (email etc stays the same, ie user1, is renamed to user1TEST).

                    Comment


                    • #11
                      Re: User account gets locked out automatically

                      1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the excat time also.
                      2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of souce computer sending the wrong password.
                      3. Once you get the IP of the source you can use the tools mentioned in below posts and if not critical you can re-build that machine.

                      * Check it on multiple DCs to ensure that the attempts are coming from same source else you might have to cleanup multiple machines.
                      **Ensure that audit for logon is enabled.

                      Thanks,
                      Kapil Sharma
                      ~~~~~~~~~~~~~
                      Life is too short, Enjoy It.

                      Comment


                      • #12
                        Re: User account gets locked out automatically

                        As already mentioned, does it lock out when they are not logged in?

                        Further to this.

                        (1) Does it only lock out when logged onto the same computer?
                        (2) Have you got them to change their password using ctrl-alt-del option on laptop, get them to restart and then logon again.
                        (3) Have you deleted the cached logon account and other remembered passwords. Go to Run, type control userpasswords2, select the advanced tab and then Manage Passwords. Ensure in Windows 7 and Vista that you first type Run and then type the command into there.
                        (4) Failing this, in the past, I have demoted the computer to a workgroup and then re-joined it to the domain and it has resolved this type of issue.

                        Comment


                        • #13
                          Re: User account gets locked out automatically

                          have you used something like User Finder? I can't upload the link but have a search on Google for 'User Finder 3.0.0' and then download the trial version.

                          This will allow you to enter in the users details and then scan the network, they are problem logged into a machine that is locked in the corner that they have forgotten about.

                          Comment


                          • #14
                            Re: User account gets locked out automatically

                            Originally posted by LASERPAPER View Post
                            have you used something like User Finder? I can't upload the link but have a search on Google for 'User Finder 3.0.0' and then download the trial version.

                            This will allow you to enter in the users details and then scan the network, they are problem logged into a machine that is locked in the corner that they have forgotten about.
                            @ Laser > It's a problem of a network virus called "win32.kido". I had exact same problem in my domain some months back.

                            Easiest way to get rid is perform Windows updates & keep antivirus updated. In my case I was using Kaspersky antivirus corporate edition and it was able to detect the virus but account lock out issue remained.

                            I had to make sure all PC's are up to date with windows updates.
                            My suggestion to you is rather than downloading loads of updates [ in case you dont have WSUS server ] just download latest months anti malware update from windows update site for all PC's and see the results.

                            I am pretty sure that the issue will be vanished in no time.

                            Regards,
                            Amey.
                            All in 1
                            Solaris,Linux & Windows admin + networking.

                            Comment


                            • #15
                              Re: User account gets locked out automatically

                              Hi,

                              Please indentifiy PDC in your domain by using command "Netdom querry fsmo" . Please check event ID 644 in the security event logs after the account gets locked on PDC. It will show you name of the machine from where this account is getting locked. Remove all schedule task and other share folder save password form that machine.

                              Regards
                              Amit

                              Comment

                              Working...
                              X