User account lockout issue

  • Question

  • Hi,

    In our AD environment, some users' accounts are constantly getting locked. I tried and cleared all local passwords, and I am sure the user has not saved any locally.

    I believe the user must have saved a password on the network / another computer which has expired and is causing the issue, but the user does not know which computer.

    I want to track down which computer is triggering the wrong password and getting the account locked.

    I used the Microsoft account lockout tool; it did not help me much.

    Can someone explain / help me with how to track that computer and beat him down with a baseball bat...!!!

    Thanks in Advance..


    Mahesh

    Wednesday, April 11, 2012 6:46 AM

All replies

  • There have been numerous discussions on account lockout issues in this forum; please refer to them, as they will give you more ideas on tracking lockout sources.

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/5942f600-b70f-4530-ad7d-eb413dc17237 

    http://social.technet.microsoft.com/Forums/en-IE/winservergen/thread/aaa59d9d-09f6-4127-93a1-2d855237c22f 

    http://social.technet.microsoft.com/Forums/en/winserverDS/thread/3c1862e2-b0a8-4639-b661-ff1af4e328c7 

    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/c5444e6a-76fd-4649-832c-6ba4b03cd8ab 

    http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/52290128-cda7-4fa9-81d8-66ecf6fb0202/ 

    Also, scan the affected user's machine for 'Conficker' virus infection; Conficker could also be one of the sources of account lockout issues.


    If it looks good, Eat it ! Likewise, If you don't know the answers, don't hesitate to ask questions !!

    This posting is provided "AS IS" with no warranties or guarantees and confers no rights.


    • Proposed as answer by Jayawardhane Friday, April 13, 2012 9:55 AM
    • Marked as answer by Bruce-Liu Monday, April 16, 2012 7:13 AM
    Wednesday, April 11, 2012 6:50 AM
  • Launch Lockout status tool.

    Put target user name and click ok

    It will list the bad password date and associated DC.

    Log on to that DC, go to the Security event log and search for event 644 (Windows Server 2003).

    Just go to the event ID; it will show the account information as well as the computer name where the account is getting locked.

    Regards,

    _Prashant_


    MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Proposed as answer by Jayawardhane Friday, April 13, 2012 9:55 AM
    • Marked as answer by Bruce-Liu Monday, April 16, 2012 7:13 AM
    Wednesday, April 11, 2012 7:10 AM
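
The event lookup described in the reply above, scripted as an added example that is not part of the original thread. It assumes Windows Server 2008 or later domain controllers, where the lockout event is ID 4740 rather than the 644 cited for Windows Server 2003, plus the ActiveDirectory module and rights to read the DC's Security log; `Get-LockoutSource` and the account name `jdoe` are hypothetical.

```powershell
# Added example (not from the thread). Get-LockoutSource is a hypothetical helper name.
# Assumes Server 2008+ DCs, where the lockout event is ID 4740 (644 on Server 2003),
# the ActiveDirectory RSAT module, and rights to read the DC's Security log remotely.
function Get-LockoutSource {
    param(
        [Parameter(Mandatory)][string]$UserName,                  # sAMAccountName of the locked account
        [string]$DomainController = (Get-ADDomain).PDCEmulator,   # or the DC the lockout tool lists
        [int]$Hours = 24
    )

    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }

    try {
        $events = Get-WinEvent -ComputerName $DomainController -FilterHashtable $filter -ErrorAction Stop
    }
    catch {
        # "No events in the window" is a normal result; access or network errors are rethrown.
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { return }
        throw
    }

    foreach ($e in $events) {
        # Read EventData by field name rather than by position.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        if ($data['TargetUserName'] -ne $UserName) { continue }

        # In event 4740 the "Caller Computer Name" is stored in the TargetDomainName field.
        $caller = $data['TargetDomainName']
        if ([string]::IsNullOrWhiteSpace($caller)) { $caller = '(not recorded)' }

        [pscustomobject]@{
            TimeCreated      = $e.TimeCreated
            DomainController = $e.MachineName
            Account          = $data['TargetUserName']
            CallerComputer   = $caller
        }
    }
}

# Constructed usage: 'jdoe' is a sample account name. Counts lockouts per source computer.
Get-LockoutSource -UserName 'jdoe' -Hours 48 |
    Group-Object CallerComputer |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```
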
  • Hello,

    Based on the logged events for the lockout, check the source of these events and then on the source computers:

    • Perform a full scan using your security software
    • Check that there is no service running with these users' accounts with a wrong password

    More with Paul's article: http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html



    • Proposed as answer by Jayawardhane Friday, April 13, 2012 9:55 AM
    • Marked as answer by Bruce-Liu Monday, April 16, 2012 7:13 AM
    Wednesday, April 11, 2012 7:26 AM
  • Thanks for all your replies.

    @Prashanth, I will check that and inform you of the same.

    Thanks once again to all


    Mahesh

    Thursday, April 12, 2012 5:46 AM
  • I think the tool that Prashanth may be referring to is this:

    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

    Account Lockout and Management tools.

    Do you allow your users to receive emails on mobile devices? If so, they may have an old password stored on their phone etc.

    Also, do your users connect their own devices to a wireless LAN that requires authentication? Again, it may be stored there.



    Thursday, April 12, 2012 7:41 AM
  • For a lockout issue, you need to enable audit policies and analyze the event log to troubleshoot it. For more information, please refer to:
     
    Troubleshooting Account Lockout
    http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx
     
    Account Lockout and Management Tools
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465
     
    Hope this helps.
     
    Regards,
    Bruce
    • Proposed as answer by Jayawardhane Friday, April 13, 2012 9:55 AM
    • Marked as answer by Bruce-Liu Monday, April 16, 2012 7:13 AM
    Friday, April 13, 2012 6:16 AM