none
Account repeated lockout

    Question

  • Hi

    SBS 2011 std.

    An account gets repeatedly locked out. I have disabled the account but after a couple of minutes of unlocking it in AD Users and Computers it gets locked again.

    How can I fix this?

    Thanks

    Regards

    Friday, April 21, 2017 2:14 AM

Answers

  • Hi,

    As far as I know, as Event ID 4776, error C0000064 means user name does not exist, C000006A means user name is correct but the password is wrong.

    >I am trying to find the application responsible for this. 
    If this problem only happens on specific client/user account, please try to re-start the client system in Clean Boot, with 3rd party process/program disabled.

    If the problem will not happen in Clean Boot, please try to manually start other process/program which is disabled by Clean Boot and general in used one by one, in order to narrow down this problem. 

    Or, if possible, you may using network monitoring tool(network monitor, wireshark) to capture packets between client pc and server, it will be helpful for find more user information and have an further identification. 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Monday, April 24, 2017 2:13 AM
    Moderator
  • This issue may occur when username is correct, but the password is wrong.

    For details:

    4776: The domain controller attempted to validate the credentials for an account
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4776

    If the issue persist, please try to verify the ports open on the firewall to allow server communication,  try to remove the unwanted third party applications from the server.

    Here is a similar thread for your reference:

    http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/f79a7c6e-00d0-466f-9889-3e333aa29a41

    Also you can get help from this article which describes the root causes of the account lockouts and the ways to troubleshooting them: https://www.lepide.com/blog/what-are-the-common-root-causes-of-account-lockouts-and-do-i-resolve-them/

    Hope this helps!
    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Monday, April 24, 2017 6:32 AM
  • Look for a service or a scheduled task on the client that has the wrong credentials.

    -- Al

    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Tuesday, April 25, 2017 9:03 PM

All replies

  • Hi,

    Please check to see if the suggestions mentioned in “Active Directory: Troubleshooting Frequent Account Lockout” is helpful:
    https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

    If the problem persists, please check Event Viewer and provide related event information. Is there any change before this problem happens? 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 21, 2017 8:10 AM
    Moderator
  • Hi Eve

    Below two events are from client pc. On DC there is also Event ID 4776 with Error Code 0xc000006a.

    I am trying to find the application responsible for this. 

    Thanks

    Regards

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          22/04/2017 21:54:30
    Event ID:      4776
    Task Category: Credential Validation
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      MYPC.mydomain.local
    Description:
    The computer attempted to validate the credentials for an account.
    
    Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account:	my user
    Source Workstation:	
    Error Code:	0xc0000064
    
    
    
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          22/04/2017 21:54:30
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      MYPC.mydomain.local
    Description:
    An account failed to log on.
    
    Subject:
    	Security ID:		NULL SID
    	Account Name:		-
    	Account Domain:		-
    	Logon ID:		0x0
    
    Logon Type:			3
    
    Account For Which Logon Failed:
    	Security ID:		NULL SID
    	Account Name:		my user
    	Account Domain:		
    
    Failure Information:
    	Failure Reason:		Unknown user name or bad password.
    	Status:			0xc000006d
    	Sub Status:		0xc000006a
    
    Process Information:
    	Caller Process ID:	0x0
    	Caller Process Name:	-
    
    Network Information:
    	Workstation Name:	
    	Source Network Address:	-
    	Source Port:		-
    
    Detailed Authentication Information:
    	Logon Process:		NtLmSsp 
    	Authentication Package:	NTLM
    	Transited Services:	-
    	Package Name (NTLM only):	-
    	Key Length:		0



    • Edited by Y a h y a Saturday, April 22, 2017 10:41 PM
    Saturday, April 22, 2017 9:01 PM
  • Hi,

    As far as I know, as Event ID 4776, error C0000064 means user name does not exist, C000006A means user name is correct but the password is wrong.

    >I am trying to find the application responsible for this. 
    If this problem only happens on specific client/user account, please try to re-start the client system in Clean Boot, with 3rd party process/program disabled.

    If the problem will not happen in Clean Boot, please try to manually start other process/program which is disabled by Clean Boot and general in used one by one, in order to narrow down this problem. 

    Or, if possible, you may using network monitoring tool(network monitor, wireshark) to capture packets between client pc and server, it will be helpful for find more user information and have an further identification. 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Monday, April 24, 2017 2:13 AM
    Moderator
  • This issue may occur when username is correct, but the password is wrong.

    For details:

    4776: The domain controller attempted to validate the credentials for an account
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4776

    If the issue persist, please try to verify the ports open on the firewall to allow server communication,  try to remove the unwanted third party applications from the server.

    Here is a similar thread for your reference:

    http://social.technet.microsoft.com/Forums/en-US/windowsserver2008r2general/thread/f79a7c6e-00d0-466f-9889-3e333aa29a41

    Also you can get help from this article which describes the root causes of the account lockouts and the ways to troubleshooting them: https://www.lepide.com/blog/what-are-the-common-root-causes-of-account-lockouts-and-do-i-resolve-them/

    Hope this helps!
    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Monday, April 24, 2017 6:32 AM
  • Look for a service or a scheduled task on the client that has the wrong credentials.

    -- Al

    • Marked as answer by Y a h y a Wednesday, April 26, 2017 8:44 AM
    Tuesday, April 25, 2017 9:03 PM
  • Hi,

    How things are going there on this issue?

    Please let me know if you would like further assistance.

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 26, 2017 7:10 AM
    Moderator