none
Account repeated lockout

    Question

  • Hi

    SBS 2011 std.

    An account gets repeatedly locked out. I have disabled the account but after a couple of minutes of unlocking it in AD Users and Computers it gets locked again.

    How can I fix this?

    Thanks

    Regards

    Friday, April 21, 2017 2:14 AM

All replies

  • Hi,

    Please check to see if the suggestions mentioned in “Active Directory: Troubleshooting Frequent Account Lockout” is helpful:
    https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

    If the problem persists, please check Event Viewer and provide related event information. Is there any change before this problem happens? 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 21, 2017 8:10 AM
    Moderator
  • Hi Eve

    Below two events are from client pc. On DC there is also Event ID 4776 with Error Code 0xc000006a.

    I am trying to find the application responsible for this. 

    Thanks

    Regards

    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          22/04/2017 21:54:30
    Event ID:      4776
    Task Category: Credential Validation
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      MYPC.mydomain.local
    Description:
    The computer attempted to validate the credentials for an account.
    
    Authentication Package:	MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
    Logon Account:	my user
    Source Workstation:	
    Error Code:	0xc0000064
    
    
    
    Log Name:      Security
    Source:        Microsoft-Windows-Security-Auditing
    Date:          22/04/2017 21:54:30
    Event ID:      4625
    Task Category: Logon
    Level:         Information
    Keywords:      Audit Failure
    User:          N/A
    Computer:      MYPC.mydomain.local
    Description:
    An account failed to log on.
    
    Subject:
    	Security ID:		NULL SID
    	Account Name:		-
    	Account Domain:		-
    	Logon ID:		0x0
    
    Logon Type:			3
    
    Account For Which Logon Failed:
    	Security ID:		NULL SID
    	Account Name:		my user
    	Account Domain:		
    
    Failure Information:
    	Failure Reason:		Unknown user name or bad password.
    	Status:			0xc000006d
    	Sub Status:		0xc000006a
    
    Process Information:
    	Caller Process ID:	0x0
    	Caller Process Name:	-
    
    Network Information:
    	Workstation Name:	
    	Source Network Address:	-
    	Source Port:		-
    
    Detailed Authentication Information:
    	Logon Process:		NtLmSsp 
    	Authentication Package:	NTLM
    	Transited Services:	-
    	Package Name (NTLM only):	-
    	Key Length:		0



    • Edited by Y a h y a Saturday, April 22, 2017 10:41 PM
    Saturday, April 22, 2017 9:01 PM
  • Hi,

    As far as I know, as Event ID 4776, error C0000064 means user name does not exist, C000006A means user name is correct but the password is wrong.

    >I am trying to find the application responsible for this. 
    If this problem only happens on specific client/user account, please try to re-start the client system in Clean Boot, with 3rd party process/program disabled.

    If the problem will not happen in Clean Boot, please try to manually start other process/program which is disabled by Clean Boot and general in used one by one, in order to narrow down this problem. 

    Or, if possible, you may using network monitoring tool(network monitor, wireshark) to capture packets between client pc and server, it will be helpful for find more user information and have an further identification. 

    Best Regards,
    Eve Wang

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    3 hours 22 minutes ago
    Moderator