All User Accounts in AD are getting locked automatically.

  • Question

  • Hi,
     
    We have Windows 2003 Server as our DC. Since yesterday we have been facing a problem in our AD. All user accounts are getting locked out automatically. We remove the Lockout option and users log in to the systems. Then within 1 min, when we check AD Users and Computers, we find the user account is locked out.

    Please help us to solve this problem.

    vijayendra
    Saturday, February 21, 2009 6:03 AM

Answers

  • You have a computer infected with the Conficker virus. On a domain controller, in the security log, filter for event ID 644. You will see that most of the account lockouts are from a single (or a few) computers. Shut down those computers immediately and then patch them with KB958644 ( http://www.microsoft.com/downloads/details.aspx?familyid=0D5F9B6E-9265-44B9-A376-2067B73D6A03&displaylang=en ) and use an updated antivirus to get rid of the worm.
    • Proposed as answer by Ioan Tataru Saturday, February 21, 2009 2:14 PM
    • Marked as answer by Vijayendra.bn Monday, February 23, 2009 4:18 AM
    Saturday, February 21, 2009 2:14 PM
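
Added example, not part of the original answer: one way to do the event ID 644 triage described above, by tallying lockouts per source computer from a text export of the security log. The field labels ("Caller Machine Name", "Target Account Name"), the sample records, host names and the `min_accounts` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

def _record(account, machine):
    """Build one constructed event 644 description (field layout assumed)."""
    return ("User Account Locked Out:\n"
            f"\tTarget Account Name: {account}\n"
            f"\tTarget Account ID: CORP\\{account}\n"
            f"\tCaller Machine Name: {machine}\n"
            "\tCaller User Name: DC01$\n\tCaller Domain: CORP\n\n")

# Constructed sample export; host and account names are made up.
SAMPLE_EXPORT = "".join(_record(a, m) for a, m in [
    ("asmith", "WS-017"), ("bjones", "WS-017"), ("clee", "ws-017"),
    ("dkhan", "WS-017"), ("asmith", "WS-017"), ("epatel", "LAPTOP-22"),
    ("epatel", "LAPTOP-22"), ("fchen", ""),
])

HEADER = re.compile(r"^User Account Locked Out:[ \t]*$", re.M)
FIELD = re.compile(
    r"^[ \t]*(Target Account Name|Caller Machine Name):[ \t]*(\S.*?)[ \t]*$", re.M)

def parse_lockouts(text):
    """Yield (caller_machine, target_account) for each lockout record."""
    for record in HEADER.split(text)[1:]:      # [0] is text before the first record
        fields = dict(FIELD.findall(record))
        # Normalise host names; a blank caller field is kept as "(unknown)".
        machine = fields.get("Caller Machine Name", "").lstrip("\\").upper()
        account = fields.get("Target Account Name", "(unknown)").lower()
        yield machine or "(unknown)", account

def rank_sources(text, min_accounts=3):
    """Return (machine, lockouts, distinct_accounts, suspect) rows, worst first.

    min_accounts is an assumed threshold: one machine locking out several
    different accounts is the pattern to isolate first.
    """
    lockouts, accounts = defaultdict(int), defaultdict(set)
    for machine, account in parse_lockouts(text):
        lockouts[machine] += 1
        accounts[machine].add(account)
    rows = [(m, lockouts[m], len(accounts[m]), len(accounts[m]) >= min_accounts)
            for m in lockouts]
    return sorted(rows, key=lambda r: (-r[2], -r[1], r[0]))

if __name__ == "__main__":
    for machine, count, distinct, suspect in rank_sources(SAMPLE_EXPORT):
        flag = "ISOLATE AND PATCH" if suspect else ""
        print(f"{machine:<12} lockouts={count:<3} accounts={distinct:<3} {flag}")
```

A machine that repeatedly locks out a single account usually points to a stale saved password rather than a worm, which is why the ranking sorts by distinct accounts before raw lockout count.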
  • Hi, you should check the security log in your administrator tool.

       First, check where the user logs in and when he logs in.
       Second, check if there is any virus on your computer.

    It seems like a computer virus can scan domain users on your domain controller and guess the passwords.

    So what you do now is:

     Install hotfixes and service packs on your end-user computers and servers.
     Locate where the attack comes from and take the workstation offline if there is any virus on the computer.

    Thanks!
    • Marked as answer by David Shen Monday, February 23, 2009 10:22 AM
    Monday, February 23, 2009 9:17 AM

All replies

  • Hi Vijayendra,

    Are you facing this problem while the system is idle for 1 min or while the user is working?

    Try to reset the account.

    Regards,
    Himanshu
    Corporate trainer

    Saturday, February 21, 2009 6:27 AM
  • Thanks Nereprezentativ,

    I did as you said and got the issue resolved. I installed the patch and then ran the Conficker virus removal tool provided by Symantec and my problem got resolved.

    Thank you very much.
    Monday, February 23, 2009 4:18 AM