Account locked out depending on the person's location


  • Account locked out depending on the person's location

    Hello,

    I have a little problem with a client of mine.


    We use a bunch of 2008R2 terminal servers, a DC, a FS,...

    The user has a laptop joined to our domain. Whenever the user is in the office, thus in our network, he experiences absolutely no problems whatsoever.

    If the user tries to work from home, by connecting through a VPN and logging in to the terminal, his account gets locked out; when he opens our SharePoint page, opens Outlook,.. account locked out.

    About a year ago we migrated from 2003 to 2008R2, also a new domain.

    Possible causes I have looked into:
    • Deleting all old domain accounts
    • He doesn't have a smartphone that receives mail
    • Change the password
    • Deleting the account and recreate it


    Anyone have a clue what the cause might be?
    He only gets locked out when he is not in our network (e.g. at home).

    Thanks in advance!

  • #2
    Re: Account locked out depending on the person's location

    Is he using the laptop at home or some other machine?
    If he is using the laptop, is it the same logon or another account?
    Cached (old) passwords spring to mind as an obvious cause
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **



    • #3
      Re: Account locked out depending on the person's location

      He uses the same laptop in the office and at home.

      Is there a simple way to delete cached passwords?
      I'll look for that on google too.

      thx



      • #4
        Re: Account locked out depending on the person's location

        What is the laptop OS?
        Tom Jones


        • #5
          Re: Account locked out depending on the person's location

          Windows 7 Professional.

          I have looked in the credential manager on the laptop itself, and it still had a credential to the old domain account, I removed that.



          • #6
            Re: Account locked out depending on the person's location

            OK, so you've found the place to look -- now to see if it works!
            What about anything cached in the VPN client app or at the terminal server?
            Tom Jones


            • #7
              Re: Account locked out depending on the person's location

              Well, as I have the laptop here with me now, I cannot test it.
              I will ask my client to try several things when he gets home.

              I'm also gonna try connecting to RDP without the VPN.
              We set up a port forwarding on our netscreen to RDP.

              I'll see what that does.

              Thanks for the help



              • #8
                Re: Account locked out depending on the person's location

                Originally posted by Joachim
                Windows 7 Professional.

                I have looked in the credential manager on the laptop itself, and it still had a credential to the old domain account, I removed that.
                I suspect this may be your resolution
                Please do show your appreciation to those who assist you by leaving Rep Point



                • #9
                  Re: Account locked out depending on the person's location

                  1) Is the user logging in locally when at home? i.e. computername\username?
                  2) When he gets the error "account locked out", does his domain account actually get locked out? Start logging for failures if you don't know.
                  3) Ask the user if he's using the same password @ home and in the office (this would be the cached credentials issue).
                  4) Create a simple script for the user to run when he's at home after he logs in (ex: set logonserver > c:\logonserver.txt) and check the txt file the next day to see if he gets a particular DC when @ home.
                  5) Can he log into OWA from home before connecting through VPN? Can he still after receiving the "Account locked out" error? (This would be a check the user can do for point 2.)

                  Comment
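
Added example (not part of the thread): one way to do the failure logging suggested in point 2 of post #9 is to read the lockout events (ID 4740) from the PDC emulator's Security log and see which machine the bad attempts came from. It assumes success auditing for user account management is enabled on the domain controllers; the account name `jdoe` is a placeholder.

```powershell
# Added example: list recent lockout events for one account and the
# computer that caused them. Run with rights to read the DC Security log.
param(
    [string]$UserName = 'jdoe',   # placeholder sAMAccountName of the affected user
    [int]$Hours = 24              # how far back to search
)

# Lockouts are processed by the PDC emulator, so its Security log is
# the usual single place to look for event 4740.
$pdc = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain().PdcRoleOwner.Name

$filter = @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Read the named EventData fields instead of relying on their position.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        New-Object PSObject -Property @{
            Time           = $_.TimeCreated
            User           = $data['TargetUserName']
            # In event 4740 the TargetDomainName field holds the caller computer name.
            CallerComputer = $data['TargetDomainName']
            DC             = $_.MachineName
        }
    } |
    Where-Object { $_.User -eq $UserName } |
    Sort-Object Time |
    Format-Table Time, User, CallerComputer, DC -AutoSize
```

If the caller computer is the terminal server or the VPN endpoint rather than the laptop, the stale password is being replayed through that hop, which matches the "only when at home" pattern described in the thread.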


                  • #10
                    Re: Account locked out depending on the person's location

                    I found and fixed the problem.

                    There was indeed an old credential in the Windows Credential Manager.
                    I deleted this and the problem is gone.

                    Thank you all for the help

                    Comment
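
Added example (not part of the thread): the fix in post #10 was found by hand in Credential Manager; the same check can be scripted by parsing `cmdkey /list` and flagging entries that still reference the old domain. `OLDDOMAIN` is a placeholder for the retired domain's name, and the parsing assumes the English-language `cmdkey` output labels.

```powershell
# Added example: flag stored Windows credentials that still point at a
# retired domain. Run in the affected user's own session, because the
# credential vault is per user profile.
$OldDomain = 'OLDDOMAIN'   # placeholder: NetBIOS or DNS name of the old domain

$entries = @()
$current = $null

foreach ($line in (cmdkey /list)) {
    if ($line -match '^\s*Target:\s*(.+)$') {
        # Each stored credential starts with a "Target:" line.
        $current = New-Object PSObject -Property @{
            Target = $Matches[1].Trim()
            Type   = ''
            User   = ''
        }
        $entries += $current
    }
    elseif ($current -and $line -match '^\s*Type:\s*(.+)$') {
        $current.Type = $Matches[1].Trim()
    }
    elseif ($current -and $line -match '^\s*User:\s*(.+)$') {
        $current.User = $Matches[1].Trim()
    }
}

# Match OLDDOMAIN\user, user@olddomain..., or a target host in the old domain.
$stale = @($entries | Where-Object {
    $_.User   -like "$OldDomain\*"  -or
    $_.User   -like "*@$OldDomain*" -or
    $_.Target -like "*$OldDomain*"
})

if ($stale.Count -eq 0) {
    Write-Output "No stored credentials reference $OldDomain."
}
else {
    $stale | Format-Table Target, Type, User -AutoSize
}
```

Review the flagged entries and remove them in Credential Manager, as was done in the thread.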
