ACCOUNT Lock out in Domain controller

  • ACCOUNT Lock out in Domain controller

    Any help? All users enrolled in Active Directory are always being locked out for some reason. Is it a possible virus infection? Our Norton Antivirus is always updated, all Microsoft patches are also installed, and we also have a firewall. There is no pattern to the frequency of lockouts. Sometimes it will lock out again in 5 minutes, sometimes 1 day, and sometimes it takes 1 week.

    Please help. Thank you.

  • #2
    Re: ACCOUNT Lock out in Domain controller

    Implement security auditing and check the Event Viewer on the DC.
    Try to scan your computers with a different antivirus, like Trend Micro or another one.
    I don't think Symantec antivirus is a good choice.
    Good Luck

    Shai

    MCSE 2003+Security;MCSE 2003+Messaging
    HP ASE;HP AIS;HP APS

    So, from me to all of you out there, wherever you are, remember:
    the light at the end of the tunnel may be you. Good Day!



    • #3
      Re: ACCOUNT Lock out in Domain controller

      We've been using Symantec Anti Virus Corporate Edition for 5+ years without experiencing this account lockout issue.

      You could prove or disprove this theory by uninstalling Symantec Anti Virus from a group of workstations for a month and see what happens. If accounts still lock out, you'll know Symantec was not the problem.

      Jas
      VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
      boche.net - VMware Virtualization Evangelist
      My advice has no warranties. Follow at your own risk.



      • #4
        Re: ACCOUNT Lock out in Domain controller

        I didn't say that Symantec Anti Virus is the reason for locking the accounts.
        In my opinion, if there is a virus or threat that is trying to brute-force your accounts, Symantec Anti Virus will barely find it.
        Good Luck

        Shai

        MCSE 2003+Security;MCSE 2003+Messaging
        HP ASE;HP AIS;HP APS

        So, from me to all of you out there, wherever you are, remember:
        the light at the end of the tunnel may be you. Good Day!



        • #5
          Re: ACCOUNT Lock out in Domain controller

          Thank you for clarifying. I misinterpreted your reply.

          This would lead to speculation that all computers in the domain are infected with an undetected virus. Not a good situation to be in.
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.



          • #6
            Re: ACCOUNT Lock out in Domain controller

            First of all, this thing could happen.
            Secondly, it may be one computer that is infected with a virus, and it is the DC.
            Good Luck

            Shai

            MCSE 2003+Security;MCSE 2003+Messaging
            HP ASE;HP AIS;HP APS

            So, from me to all of you out there, wherever you are, remember:
            the light at the end of the tunnel may be you. Good Day!



            • #7
              Re: ACCOUNT Lock out in Domain controller

              This can and should be verified using the lockoutstatus.exe Win2k3 Resource Kit utility.

              This utility will query all domain controllers for last account lockout and bad password attempt, among other things.

              As was mentioned previously, scan the security event logs for the source of the bad password attempt/lockout. A Microsoft utility called eventcomb.exe will parse all domain controller security logs for these events and dump them into one file for you. See the following thread on eventcomb: http://forums.petri.com/showthread.p...ight=eventcomb
              VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
              boche.net - VMware Virtualization Evangelist
              My advice has no warranties. Follow at your own risk.



              • #8
                Re: ACCOUNT Lock out in Domain controller

                Lockouts can also occur due to the following (as described at the link below):

                - Applications using cached credentials that are stale.
                - Stale service account passwords cached by the Service Control Manager (SCM).
                - Stale logon credentials cached by Stored User Names and Passwords in Control Panel.
                - Scheduled tasks and persistent drive mappings that have stale credentials.
                - Disconnected Terminal Service sessions that use stale credentials.
                - Failure of Active Directory replication between domain controllers.
                - Users logging into two or more computers at once and changing their password on one of them.


                http://www.windowsecurity.com/articl...t-Lockout.html

                Curious to find out the cause of your situation.
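
Added example, not part of the original thread: a PowerShell take on the log sweep that posts #7 and #8 describe, collecting lockout events from every domain controller and grouping them by the computer that sent the bad passwords, which is where stale credentials or a guessing process would be running. It assumes Windows Server 2008 or later DCs (lockout event ID 4740; Server 2003 logged it as 644), the ActiveDirectory RSAT module, and a 7-day look-back window.

```powershell
# Added example: find which computers are causing account lockouts.
# Assumptions: event ID 4740 (Server 2008+), ActiveDirectory module installed,
# run as an account allowed to read the Security log on each DC.
Import-Module ActiveDirectory

$since = (Get-Date).AddDays(-7)   # look-back window (assumed value)
$dcs   = Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName

$lockouts = foreach ($dc in $dcs) {
    try {
        $events = Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName = 'Security'; Id = 4740; StartTime = $since
        }
    } catch {
        # "No events found" and unreachable DCs both land here; report and move on.
        Write-Warning "${dc}: $($_.Exception.Message)"
        continue
    }

    foreach ($evt in $events) {
        # Read the event fields by name from the XML instead of by position.
        $data = @{}
        foreach ($d in ([xml]$evt.ToXml()).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        [pscustomobject]@{
            Time     = $evt.TimeCreated
            LoggedOn = $dc
            Account  = $data['TargetUserName']
            # In event 4740 the caller computer name is stored in TargetDomainName.
            Caller   = $data['TargetDomainName']
        }
    }
}

# The same lockout is usually logged on the authenticating DC and on the PDC
# emulator, so counts are relative, not exact. A single caller locking many
# accounts points at that machine; one account from one caller points at
# stale credentials (service, scheduled task, mapped drive, old session).
$lockouts |
    Group-Object Account, Caller |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } }
```

An empty Caller value means the DC did not record a source computer for that lockout, so the failed-logon events on the DC named in LoggedOn are the next place to look.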
