The referenced account is currently locked out and may not be logged on to.
-
Thursday, May 3, 2012 2:33 PM
Hi there...One of the admin accounts is getting this message "The referenced account is currently locked out and may not be logged on to" every day frequently when logging in to Windows 7 / Server 2008. I also checked the account lockout...I didn't make any changes for a long time. This admin account was fine, without getting this message last week...but towards the end of the month, I reset the password for this account. It started to happen after that. Again today after that happened, I checked the account lockout policy in AD, it's set the same as it was before...is there any way we can stop that happening frequently every day....pls let me know.
VT
All replies
-
Friday, May 4, 2012 8:09 AM
1. Are there any traces in Event logs?
2. Try to disable and enable this domain account in domain controller.
Regards
Milos
-
Friday, May 4, 2012 9:43 AM Moderator
Hi,
The issue can occur if you have mistyped the password several times and the system will block the account for logging on.
In this case, I suggest checking the following settings:
1. Open Control Panel -> Administrative Tools -> Local Security Policy.
2. Click Security Settings -> Account Policies -> Account Lockout Policy.
3. Double-click Account lockout threshold, and type 0 to make “the account will not lock out”.
4. Click OK.
Juke Chou
TechNet Subscriber Support
If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
Juke Chou
TechNet Community Support
-
Friday, May 4, 2012 1:56 PM
Perhaps if W 7/W2K8 are part of domain, then there is alternative group policy setting(s). What is set locally in group policy may be disregarded in subsequent GPO settings according to LSDOU rule.
Your problem is not common to the default setting. It is helpful for troubleshooting to know the domain configuration/GPO (resulting set of GPO).
Regards
Milos
-
Friday, May 4, 2012 3:20 PM
Here are the event log entries, which are happening in the frequency of 9:03AM - 8:45AM - 8:38AM - 8:34AM - 8:03AM - 7:37AM (last 3 days since I changed the password)
I am sure, it's only for one admin ID and there were no changes made in Group Policy in AD (Yes, W7 & Win2K8 are part of the domain) and once I login, I checked the account in the AD, it's not locked or disabled. Pls let me know any solutions.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 5/4/2012 8:48:36 AM
Event ID: 4625
Task Category: Account Lockout
Level: Information
Keywords: Audit Failure
User: N/A
Computer: server.domain.com
Description:
An account failed to log on.
Subject:
Security ID: NULL SID
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: admin1
Account Domain: domain
Failure Information:
Failure Reason: Account locked out.
Status: 0xc0000234
Sub Status: 0x0
Process Information:
Caller Process ID: 0x0
Caller Process Name: -
Network Information:
Workstation Name: server
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon request fails. It is generated on the computer where access was attempted.
The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
The Process Information fields indicate which account and process on the system requested the logon.
The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4625</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>12546</Task>
<Opcode>0</Opcode>
<Keywords>0x8010000000000000</Keywords>
<TimeCreated SystemTime="2012-05-04T14:48:36.387224800Z" />
<EventRecordID>5256027</EventRecordID>
<Correlation />
<Execution ProcessID="568" ThreadID="23972" />
<Channel>Security</Channel>
<Computer>server.domain.com</Computer>
<Security />
</System>
<EventData>
<Data Name="SubjectUserSid">S-1-0-0</Data>
<Data Name="SubjectUserName">-</Data>
<Data Name="SubjectDomainName">-</Data>
<Data Name="SubjectLogonId">0x0</Data>
<Data Name="TargetUserSid">S-1-0-0</Data>
<Data Name="TargetUserName">admin1</Data>
<Data Name="TargetDomainName">domain</Data>
<Data Name="Status">0xc0000234</Data>
<Data Name="FailureReason">%%2307</Data>
<Data Name="SubStatus">0x0</Data>
<Data Name="LogonType">3</Data>
<Data Name="LogonProcessName">NtLmSsp </Data>
<Data Name="AuthenticationPackageName">NTLM</Data>
<Data Name="WorkstationName">Server</Data>
<Data Name="TransmittedServices">-</Data>
<Data Name="LmPackageName">-</Data>
<Data Name="KeyLength">0</Data>
<Data Name="ProcessId">0x0</Data>
<Data Name="ProcessName">-</Data>
<Data Name="IpAddress">-</Data>
<Data Name="IpPort">-</Data>
</EventData>
</Event>
VT
-
Monday, May 7, 2012 12:55 PM
Hi Juke / Milos any solutions pls let me know
VT
-
Tuesday, May 8, 2012 10:06 AM Moderator
Hi,
I found a troubleshooting guide, please refer to the article to troubleshoot your issue.
http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx
Juke Chou
TechNet Community Support
-
Tuesday, May 8, 2012 12:30 PM
A couple of other things to check:
1. Check the status of this account on each of the DC's - it appears it IS locked out, but you are not seeing it on the one you check
2. Check the account is not being used to run any services, there are no mapped drives using an old password, and no other scripts or scheduled tasks running with these credentials
-
Thursday, May 10, 2012 12:10 AM
Hi Juke & Richard...thanks for the input....I checked and found that there was a service using that admin account, hence I changed that. Even after that, I found the same thing happening in the same time frequency. I also tried to reset to the old password which didn't have any issue last month...but today, I checked it's still the same. Another thing I tried is, used the eventcombMT tool and found this log...any clue please let me know...or any other recommendation, let me know...
4625,AUDIT FAILURE,Microsoft-Windows-Security-Auditing,Wed May 09 16:28:00 2012,No User,An account failed to log on. Subject: Security ID: S-1-0-0 Account Name: - Account Domain: - Logon ID: 0x0 Logon Type: 3 Account For Which Logon Failed: Security ID: S-1-0-0 Account Name: admin Account Domain: domain Failure Information: Failure Reason: %%2307 Status: 0xc0000234 Sub Status: 0x0 Process Information: Caller Process ID: 0x0 Caller Process Name: - Network Information: Workstation Name: client1 Source Network Address: 192.x.x.19 Source Port: 1380 Detailed Authentication Information: Logon Process: NtLmSsp Authentication Package: NTLM Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon request fails. It is generated on the computer where access was attempted. The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network). The Process Information fields indicate which account and process on the system requested the logon. The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
VT
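An added example, not part of the original thread: a Python sketch that reads exported 4625 events in the Event XML form posted above and counts "account locked out" failures (Status 0xc0000234) for one account per source workstation and address, which is where to look for the services, mapped drives or scheduled tasks listed in the earlier reply. The function names, host names, IP addresses and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOCKED_OUT = 0xC0000234  # Status value in the thread's 4625 events

def parse_event(xml_text):
    """Flatten one exported event into a dict of EventID plus EventData fields."""
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): (d.text or "").strip()
              for d in root.findall("e:EventData/e:Data", NS)}
    fields["EventID"] = root.findtext("e:System/e:EventID", namespaces=NS)
    return fields

def lockout_sources(events, account):
    """Count locked-out 4625 failures for `account` per (workstation, source IP)."""
    counts = Counter()
    for ev in map(parse_event, events):
        if ev["EventID"] != "4625":
            continue
        if ev.get("TargetUserName", "").lower() != account.lower():
            continue
        if int(ev.get("Status", "0x0"), 16) != LOCKED_OUT:
            continue
        # Workstation names vary in case between events; "-" means not recorded.
        key = (ev.get("WorkstationName", "-").lower(), ev.get("IpAddress", "-"))
        counts[key] += 1
    return counts.most_common()

# Constructed sample events (hypothetical hosts, documentation-range IPs), reduced
# to the fields used above; real exports carry the full field set shown in the thread.
TEMPLATE = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System><EventID>{eid}</EventID></System>
<EventData><Data Name="TargetUserName">{user}</Data>
<Data Name="Status">{status}</Data><Data Name="WorkstationName">{ws}</Data>
<Data Name="IpAddress">{ip}</Data></EventData></Event>"""
ROWS = [
    ("4625", "admin1", "0xc0000234", "CLIENT-A", "192.0.2.50"),
    ("4625", "admin1", "0xc0000234", "client-a", "192.0.2.50"),
    ("4625", "admin1", "0xc0000234", "SERVER", "-"),             # no source address
    ("4625", "admin1", "0xc000006d", "CLIENT-B", "192.0.2.51"),  # not a lockout status
    ("4625", "other1", "0xc0000234", "CLIENT-A", "192.0.2.50"),  # different account
    ("4624", "admin1", "0x0", "CLIENT-A", "192.0.2.50"),         # successful logon
]
SAMPLE = [TEMPLATE.format(eid=e, user=u, status=s, ws=w, ip=i)
          for e, u, s, w, i in ROWS]

if __name__ == "__main__":
    for (ws, ip), n in lockout_sources(SAMPLE, "admin1"):
        print(f"{n:3d}  workstation={ws}  ip={ip}")
```

When the source address is "-", as in the first event posted in the thread, the workstation name is the only lead the event gives.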
-
Thursday, May 10, 2012 4:03 AM
The problem you are using is with the account you are using to logon with, the SID is "Nobody"
See here: http://support.microsoft.com/kb/243330
Suggest you create a new user account and try again.
- Marked as answer by mywindows Tuesday, May 15, 2012 7:41 PM
-
Thursday, May 10, 2012 6:08 AM Moderator
Hi,
I also notice that the log mentioned the SID is null. Please try Richard's suggestion to create a new account.
Juke Chou
TechNet Community Support
- Marked as answer by mywindows Tuesday, May 15, 2012 7:41 PM
-
Thursday, May 10, 2012 6:17 AM
Thanks Richard and Juke...will try that...any clues what would have caused to change that? as it was fine till last month end. Pls let me know....is there a way I can find what changed it?
VT
- Edited by mywindows Thursday, May 10, 2012 6:18 AM
-
Thursday, May 10, 2012 6:48 AM
It could be that your server was created from an image that didn't generate new SIDs, you can check your machine's SID with http://technet.microsoft.com/en-us/sysinternals/bb897417.aspx
Also, you check your local security policy property "Network Access: Sharing and security model for local accounts" found under "Security Options" - should be at the default setting of "Classic - local users authenticate as themselves"
- Marked as answer by mywindows Tuesday, May 15, 2012 7:41 PM
-
Monday, May 14, 2012 9:52 AM Moderator
-
Tuesday, May 15, 2012 7:41 PM
Hi Juke...created another user and it works fine...thanks for Richard and your help
VT
-
Wednesday, May 16, 2012 6:42 AM Moderator
-
Thursday, March 21, 2013 7:40 PM
Sorry, I know this is an old topic, but what worked for me was disabling and re-enabling the domain account.

