I have searched and cannot seem to find my exact issue.
We have two different deployment environments; one for server and one for desktop.
When the techs try to image up a server, they go through the same process as with desktops. They are prompted for their credentials and everything goes through fine. There is one issue, though,aAfter the imaging is done, they go back to find out that their
domain accounts were locked out. This ONLY happens when they do an MDT deployment.
I researched this and found one article from Niehaus where he said there was an issue identified with BIOS time not being synched. Kerberos identifies this as a bad password etc... However, it has been confirmed that the time is syched properly.
Are there any other ideas as to what may be causing this? The Desktop side is fine, no lockouts.
Any help is greatly appreciated.
"The test of success is not what you do when you are on top. Success is how high you bounce when you hit bottom."
Edited byashtona74Wednesday, March 14, 2012 6:50 PM
Couple of things - What is the current account lockout policy? - By default every server gets installed in PST timezone, have you automated the timezone to your area? After install is the time zone correct? - When you build the servers, are promoting them
to a DC? - When you are building servers, are the credentials used during post configuration and as a service account etc? - Have you tried creating a fresh account and with required permissions and minimum group memberships as compared to the techs? Does
this help? - Lastly, you can use the account lockout tools and look at the security event logs for events (529, 644, 675, 676, and 681) which can help you identify what resource was being accessed due to which there was a account lockout. Account Lockout Tools
- http://technet.microsoft.com/en-us/library/cc738772(v=ws.10).aspx I would start by creating a fresh account for testing.
Regards, Vik Singh "If this thread answered your question, please click on "Mark as Answer"
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.