Frequent Account lockout troubleshoot

Most of the users account will get locked from locally desktops and Mobile devices or idle sessions on Server / workstation, We need to start Acount lokout trobleshooting from below order.

  1. Client side troubleshooting
  2. Mobile device / BYOD
  3. Server side checklist
Perform the below steps on client side (Local desktop / Laptop)

  • Check If a Local User Account is present with the same Name as AD account, If same ID is available, Rename local ID to some other ID.
  • Clear Temporary Files
  • Delete Cookies / Temp Files / History / Saved passwords / Forms / from all the Browsers.
  • Start — > Run –> Temp –> Delete all temp files.
  • Start –> Run –> Prefetch –> Delete all Prefetch files.
  • Remove Mapped drives from my computer.  My Computer –> Right click on Shared drive –> click on Disconnect
  • If Adobe reader is installed, backend it will be trying to check for latest update, Delete the Adobe updater file from below path. Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader version \Reader
  • Remove stored passwords from Control Panel
  • Start –> Run –> Type Control UserPasswords2 , Click on Advanced managed passwords and delete all the passwords
  • Remote unwanted applications from startups (Run –> msconfig –> startup –> Uncheck unwanted software’s)
  • Scan the entire HDD and update the Antivirus agent
  • Check the third party software’s installed on client side, If it’s not required, Uninstall.
  • Open the Task Scheduler (Run --> Tasks) and delete the unwanted tasks. Most of the time, Automatic backup / Google Update / Apple Updates will be installed by default) Remove all.
  • Uninstall Auto update software’s in control panel (You can update these software’s manually)
  • If user’s account acts as a service account (Update the latest password in Service).
  • User’s account used as an IIS application pool identity.

Perform the below steps on Mobile devices / Smart phone (BYOD)

 If user recently changed password and forgot to update in Mobile devices, that cause the account lockout for user ID,
Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 3 times (depending on your GPO’s), it locks his account. Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).

  • Go to account settings in Mobile device and update the latest password.
  • Reboot the device if required.
  • Is issue persists, Delete and reconfigure the device,
  • If you found that account is getting locked from mobile device, and unable to fix the by performing above steps, Take necessary backup and Wipe the device completely and reconfigure the device.

User below tools to find out source of the account lockout - On Server

1.Account Lockout and Management Tool.
 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

2.Netwrix is also a good tool to find out account lockout.
http://www.netwrix.com/account_lockout_troubleshooting.html

3.Troubleshooting Account Lockouts the PSS way
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

4.Use account lockout tools to find out more information,
http://technet.microsoft.com/en-us/library/cc738772(WS.10).aspx

5.Refer below article for Best practices and Standards
http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx

6.Track the account lockouts using the checked Netlogon.dll
http://support.microsoft.com/kb/189541



Regards,
Manjunath Sullad
Click here to View My Blog