User account locked out issue randomly.

  • Question

  • My manager has an issue with his user account being locked out at random times, so I have to unlock it every now and then.

    What is the best way to troubleshoot this issue?


    /* Server Support Specialist */

    Thursday, September 6, 2012 1:07 AM

All replies

  • Hello Albert, 

    Here is the way to Troubleshooting Account Lockout: http://technet.microsoft.com/en-us/library/cc773155(v=WS.10).aspx


    Regards, Ravikumar P

    • Proposed as answer by M-Hoveizeh Thursday, September 6, 2012 3:23 AM
    Thursday, September 6, 2012 1:55 AM
  • Hi Albert,

    Please follow the below steps.

    When the account is locked out, please log in to any one of the DCs and execute LockoutStatus.exe to find exactly which DC this account is getting locked out from. Once you have the DC name, use the EventCombMT.exe tool and check which machine this account is getting locked out from.

    Once you have those details, it will be easy for you to check the issue.

    Please find below the possible causes of account lockout:

      • Mismatch of password.
      • Scheduled tasks and persistent drive mappings that have stale credentials.
      • There might be application services which use your ID and password too. So change your password in that service.
      • The batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.
      • Disconnected Terminal Service sessions that use stale credentials.
      • Stale logon credentials cached by Stored User Names and Passwords in Control Panel
      • Users logging into two or more computers at once and changing their password on one of them.


    Regards, Nidhin.CK

    Thursday, September 6, 2012 3:17 AM
  • Hi Albert,

    You can use the Account Lockout and Management Tools.
    http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=18465

    Netwrix also has a good tool for finding account lockouts.
    http://www.netwrix.com/account_lockout_troubleshooting.html

    Troubleshooting Account Lockouts the PSS way
    http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

    Similar discussions
    http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/aaa59d9d-09f6-4127-93a1-2d855237c22f

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d07115e7-a0b6-4949-a449-f199573c44e4


    Regards,
    Rafic


    Thursday, September 6, 2012 4:40 AM
  • Hi,

    Please download the Microsoft Account Lockout and Management Tools and use them to troubleshoot account lockout issues.

    Download Account Lockout and Management Tools
    http://www.microsoft.com/en-us/download/details.aspx?id=18465

    Use the EventCombMT.exe utility in these tools to search the event logs for account lockout events. Each event in the Netlogon log contains a corresponding error code. The following table describes these error codes.

    Log Code      Description
    ----------    -----------------------------------------------------------------------------
    0x0           Successful login
    0xC0000064    The specified user does not exist
    0xC000006A    The value provided as the current password is not correct
    0xC000006C    Password policy not met
    0xC000006D    The attempted logon is invalid due to a bad user name
    0xC000006E    User account restriction has prevented successful login
    0xC000006F    The user account has time restrictions and may not be logged onto at this time
    0xC0000070    The user is restricted and may not log on from the source workstation
    0xC0000071    The user account's password has expired
    0xC0000072    The user account is currently disabled
    0xC000009A    Insufficient system resources
    0xC0000193    The user's account has expired
    0xC0000224    User must change his password before he logs on the first time
    0xC0000234    The user account has been automatically locked

    Also, you may try "Account Lockout Examiner" to help you trace down account lockout issues.

    Note: Account Lockout Examiner is third party software.
    http://www.netwrix.com/account_lockout_examiner.html

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    For more information, please refer to the following MS articles:

    Maintaining and Monitoring Account Lockout
    http://technet.microsoft.com/en-us/library/cc776964(WS.10).aspx
    Troubleshooting Account Lockout
    http://technet.microsoft.com/en-us/library/cc773155(v=ws.10)


    Hope this helps!




    Lawrence

    TechNet Community Support

    Friday, September 7, 2012 2:57 AM
    Moderator
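
Added example (not part of the post above, and not Microsoft's own code): a PowerShell sketch that applies the status-code table to Netlogon debug-log lines and tallies failed logons for one account by source machine. The sample lines, the domain CONTOSO, the account amanager and the machine names are constructed; the function name Get-NetlogonFailure is hypothetical.

```powershell
# Constructed sample lines in the Netlogon debug-log layout (not real data).
$sample = @'
09/06 01:02:11 [LOGON] SamLogon: Network logon of CONTOSO\amanager from WS-0142 Entered
09/06 01:02:11 [LOGON] SamLogon: Network logon of CONTOSO\amanager from WS-0142 Returns 0xC000006A
09/06 01:02:40 [LOGON] SamLogon: Transitive Network logon of CONTOSO\amanager from MAIL01 (via EXCH01) Returns 0xC000006A
09/06 01:02:55 [LOGON] SamLogon: Transitive Network logon of CONTOSO\amanager from MAIL01 (via EXCH01) Returns 0xC000006A
09/06 01:03:05 [LOGON] SamLogon: Network logon of CONTOSO\amanager from MAIL01 Returns 0xC0000234
09/06 01:04:00 [LOGON] SamLogon: Network logon of CONTOSO\jdoe from WS-0200 Returns 0x0
'@ -split '\r?\n'

# Status codes and descriptions copied from the table in the post above.
$statusText = @{
    '0xC0000064' = 'The specified user does not exist'
    '0xC000006A' = 'The value provided as the current password is not correct'
    '0xC0000071' = "The user account's password has expired"
    '0xC0000072' = 'The user account is currently disabled'
    '0xC0000234' = 'The user account has been automatically locked'
}

function Get-NetlogonFailure {
    param([string[]]$Line, [string]$Account)
    # Loose pattern: tolerates extra fields between [LOGON] and "logon of".
    $pattern = '^(?<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\].*logon of (?<acct>\S+) from (?<src>\S+).*Returns (?<code>0x[0-9A-Fa-f]+)'
    foreach ($l in $Line) {
        if ($l -match $pattern) {                    # "Entered" lines do not match
            $m = $Matches
            if ($m.code -eq '0x0') { continue }      # successful logon, not a failure
            # Compare the user part only, with or without a DOMAIN\ prefix.
            if (($m.acct -split '\\')[-1] -ne $Account) { continue }
            $text = $statusText[$m.code]
            if (-not $text) { $text = 'code not in the table subset above' }
            [pscustomobject]@{ Time = $m.ts; Source = $m.src; Code = $m.code; Text = $text }
        }
    }
}

# Tally failures per source machine and status code, busiest source first.
Get-NetlogonFailure -Line $sample -Account 'amanager' |
    Group-Object Source, Code, Text |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```

To run it against a real log, pass `Get-Content $env:windir\debug\netlogon.log` as `-Line`; the file is only written when Netlogon debug logging is enabled on that DC.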
  • Hi,

    I would like to confirm the current situation. Have you resolved the problem?

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    Lawrence

    TechNet Community Support

    Monday, September 10, 2012 2:06 AM
    Moderator
  • Thanks Nidhin,

    So in this case the event logged should be on the PDC role server, right?


    /* Server Support Specialist */

    Saturday, June 1, 2013 1:03 AM
  • Hi Albert,

    If the client computer's primary DNS server points directly to the PDC, then the event log entry (Event ID 4740) will be present only on the PDC role DC.

    Otherwise, this event log entry will be present on the PDC and on the DC which is configured as the primary DNS server of the client machine.

    Short note: All account lockout events will be present on the PDC-enabled DC.


    Regards, Nidhin.CK

    Saturday, June 1, 2013 8:07 PM
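
Added example (not part of the thread): a PowerShell sketch that pulls the locked account and the caller computer out of an Event ID 4740 record, which the reply above says is present on the PDC role DC. The event XML is a constructed sample with made-up names, and ConvertFrom-LockoutEventXml is a hypothetical helper name.

```powershell
# Constructed 4740 event in the Security-log XML layout (values are made up).
$sampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4740</EventID>
    <TimeCreated SystemTime="2012-09-06T01:03:05.000000000Z" />
    <Computer>DC01.contoso.example</Computer>
  </System>
  <EventData>
    <Data Name="TargetUserName">amanager</Data>
    <Data Name="TargetDomainName">MAIL01</Data>
    <Data Name="SubjectUserName">DC01$</Data>
  </EventData>
</Event>
'@

function ConvertFrom-LockoutEventXml {
    param([string]$EventXml)
    $x = [xml]$EventXml
    if ([int]$x.Event.System.EventID -ne 4740) { return }   # ignore other events

    # Index the named <Data> fields so lookups do not depend on field order.
    $data = @{}
    foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

    [pscustomobject]@{
        TimeCreated    = $x.Event.System.TimeCreated.SystemTime
        LoggedOnDC     = $x.Event.System.Computer
        LockedAccount  = $data['TargetUserName']
        # In 4740 the "Caller Computer Name" is carried in TargetDomainName.
        CallerComputer = $data['TargetDomainName']
    }
}

ConvertFrom-LockoutEventXml $sampleXml

# Live use (needs the ActiveDirectory module and rights to read the DC's Security log):
#   $pdc = (Get-ADDomain).PDCEmulator
#   Get-WinEvent -ComputerName $pdc -FilterHashtable @{ LogName = 'Security'; Id = 4740 } |
#       ForEach-Object { ConvertFrom-LockoutEventXml $_.ToXml() } |
#       Where-Object LockedAccount -eq 'amanager'
```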