account lock out issue (very weird)

  • account lock out issue (very weird)

    Hi Guys,

    Recently, I encountered a problem where a user's account kept getting locked out by itself automatically. The user claimed not to have keyed in the password wrongly, and there was no mapped drive or service account registered under the user's ID; somehow the account seems to be locked out by itself.

    I have tried out the account lockout tools, registered the alockout.dll and enabled the netlogon log on the user's workstation, but weirdly the log did not capture any bad password at the specific time the account was locked out. I even analysed the security event log on the domain controller, but it did not show much detail. We have turned on the audit account failure option.

    What are the possible causes of the account being locked out by itself? It has no fixed behaviour as far as I have observed. I even noticed that the user account was locked out several times while the user still had an active session on the workstation doing work; this is weird.

    Has anyone encountered such a problem before, and what could be done to track down the issue? I appreciate your sharing.

    Many thanks ~

  • #2
    Re: account lock out issue (very weird)

    How many failed attempts have you configured it to take to lock out the account?

    How long have you configured the lockout to last? What happens if you wait for it to expire?
    Gareth Howells

    BSc (Hons), MBCS, MCP, MCDST, ICCE

    Any advice is given in good faith and without warranty.

    Please give reputation points if somebody has helped you.

    "For by now I could have stretched out my hand and struck you and your people with a plague that would have wiped you off the Earth." (Exodus 9:15) - I could kill you with my thumb.

    "Everything that lives and moves will be food for you." (Genesis 9:3) - For every animal you don't eat, I'm going to eat three.


    • #3
      Re: account lock out issue (very weird)

      You can use eventcomb to search the security log on the DCs for that username and see if it is another workstation locking it. You don't mention what you found so see if that brings up anything more.
      You can also use lockoutstatus to show what time the account was locked.
      I've had problems with the IPSEC service not running, can you check that as well?
      cheers
      Andy

      Quis custodiet ipsos custodes?


      • #4
        Re: account lock out issue (very weird)

        Hi gforceindustries,

        Here is our account policy setting. Can I know why you ask about it? I have compared our policy to others, and it looks like a standard one, so do you think the account policy could be a possible cause of the account lockout?

        Account Policies/Password Policy
        Policy                                        Setting
        Enforce password history                      5 passwords remembered
        Maximum password age                          90 days
        Minimum password age                          1 days
        Minimum password length                       7 characters
        Password must meet complexity requirements    Enabled
        Store passwords using reversible encryption   Disabled

        Account Policies/Account Lockout Policy
        Policy                                        Setting
        Account lockout duration                      0 minutes
        Account lockout threshold                     7 invalid logon attempts
        Reset account lockout counter after           30 minutes

        Hi AndyJG247,

        I will check the IPSEC service on both the workstation and servers, and will also go through eventcomb to search the security log on the DCs.

        Many thanks, and I appreciate your input...


        • #5
          Re: account lock out issue (very weird)

          Originally posted by listlow
          Here is our account policy setting, can I know why you ask about it?
          Because as you can see, there are policies relating to lockouts...

          Set the lockout duration to > 0 minutes. Say 5 minutes. Then next time the user gets locked out, tell them to wait 5 minutes and try again. See if that helps.
          Gareth Howells



          • #6
            Re: account lock out issue (very weird)

            Maybe the user saved his password when a credential window popped up,
            and after he changed his password, the system is using the wrong user name and password.

            Click Start, click Run, type Control Userpasswords2, and then press ENTER.
            Click the Advanced tab, and then click Manage Passwords.

            Remove any entry that you see there and try again.
            Any advice is given in good faith and without warranty.
            Please give reputation points where appropriate.


            • #7
              Re: account lock out issue (very weird)

              Does the user hotdesk at all? It's entirely possible he's still logged on at another desk and something from that machine is regularly passing the old password to a server - causing the lockout. We had that problem here recently.

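Added example (not from any poster in this thread): one way to act on the suggestions in posts #3 and #7 is to replay netlogon.log results against the lockout policy posted in #4 and see which source machine filled the bad-password counter. The log layout, host names, user names and sample lines are constructed assumptions; only the threshold (7) and the 30-minute counter reset come from the thread.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Policy values from post #4; everything else below is constructed.
THRESHOLD = 7                    # Account lockout threshold
WINDOW = timedelta(minutes=30)   # Reset account lockout counter after
BAD_PASSWORD = 0xC000006A        # STATUS_WRONG_PASSWORD
# Assumed netlogon.log debug line layout: "MM/DD HH:MM:SS [LOGON] ... Returns 0x..."
LINE = re.compile(
    r"^(\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\].*?logon of (\S+?)\\(\S+) "
    r"from (\S+).*Returns (0x[0-9A-Fa-f]+)")

def replay(lines, user, year=2024):
    """Replay logon results for `user`. Returns (lockout_time, sources) where
    sources counts the machines whose bad passwords filled the counter;
    lockout_time is None if the threshold was never reached."""
    count, last_bad, sources = 0, None, Counter()
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(3).lower() != user.lower():
            continue
        # The log carries no year, so the caller supplies one (assumption).
        when = datetime.strptime(f"{year}/{m.group(1)}", "%Y/%m/%d %H:%M:%S")
        status = int(m.group(5), 16)
        if status == 0:                        # successful logon clears the counter
            count, sources = 0, Counter()
        elif status == BAD_PASSWORD:
            if last_bad and when - last_bad > WINDOW:
                count, sources = 0, Counter()  # counter reset interval elapsed
            count, last_bad = count + 1, when
            sources[m.group(4)] += 1
            if count >= THRESHOLD:
                return when, sources
    return None, sources

# Constructed sample: one typo at the user's own desk, then a stale session
# on a hot-desk machine retrying the old password every four minutes.
SAMPLE = [
    r"03/04 08:58:10 [LOGON] SamLogon: Network logon of CORP\jdoe from WKS-017 Returns 0xC000006A",
    r"03/04 08:58:31 [LOGON] SamLogon: Network logon of CORP\jdoe from WKS-017 Returns 0x0",
    r"03/04 09:01:00 [LOGON] SamLogon: Network logon of CORP\asmith from WKS-090 Returns 0xC000006A",
] + [
    rf"03/04 09:{m:02d}:05 [LOGON] SamLogon: Transitive Network logon of CORP\jdoe from WKS-204 (via FS01) Returns 0xC000006A"
    for m in range(5, 33, 4)
]

if __name__ == "__main__":
    print(replay(SAMPLE, "jdoe"))
```

On the constructed sample the counter reaches 7 at 09:29:05 and every counted attempt comes from WKS-204, not from the desk where the user is actively working.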


              • #8
                Re: account lock out issue (very weird)

                Check that there are no Scheduled Tasks configured on the workstation or auto match backups set up. Also, check Services to make sure that the user has no special applications running in the background.
