User account locked out issue randomly. RRS feed

  • Question

  • My manager got issue with his user account locked out every random time so i have to unlock it every now and then.

    what is the best way to troubleshoot this issue ?

    /* Server Support Specialist */

    Thursday, September 6, 2012 1:07 AM


All replies

  • Hello Albert, 

    Here is the way to Troubleshooting Account Lockout:

    Regards, Ravikumar P

    • Proposed as answer by M-Hoveizeh Thursday, September 6, 2012 3:23 AM
    Thursday, September 6, 2012 1:55 AM
  • Hi Albert,

    Please follow the below steps.

    When the account is locked out, please login to any one of the DC and execute LockoutStatus.exe to find from which DC exactly this account is getting locked out. Once you get the DC name, use eventcombMT.exe tool and check from wich machine this account is getting locked out. 

    Once you get that details it will be easy for you to check the issue. 

    Please find below possible causes for account lockout

      • Mismatch of password.
      • Scheduled tasks and persistent drive mappings that have stale credentials.
      • There might be any applications services which uses your id and password too. So change your password in that service.
      • The batch logon type is used by batch servers, where processes may be executing on behalf of a user without their direct intervention.
      • Disconnected Terminal Service sessions that use stale credentials.
      • Stale logon credentials cached by Stored User Names and Passwords in Control Panel
      • Users logging into two or more computers at once and changing their password on one of them.

    Regards, Nidhin.CK

    Thursday, September 6, 2012 3:17 AM
  • Hi Albert,

    you can use Account Lockout and Management Tool.

    Also Netwrix has got good tool to find out account lockout.

    Troubleshooting Account Lockouts the PSS way

    Similar discussions


    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Thursday, September 6, 2012 4:40 AM
  • Hi,

    Please download Microsoft Account Lockout and Management Tools and use it to troubleshooting account lockout issues.

    Download Account Lockout and Management Tools

    Use EventCombMT.exe utility in this tools to search account lockout event log, Each event in the Netlogon log contains a corresponding error code. The following table describes these error codes.

    Log Code



    Successful login


    The specified user does not exist


    The value provided as the current password is not correct


    Password policy not met


    The attempted logon is invalid due to a bad user name


    User account restriction has prevented successful login


    The user account has time restrictions and may not be logged onto at this time


    The user is restricted and may not log on from the source workstation


    The user account's password has expired


    The user account is currently disabled


    Insufficient system resources


    The user's account has expired


    User must change his password before he logs on the first time


    The user account has been automatically locked

    Also you may try “Account Lockout Examiner” to help your trace down account lockout issue.

    Note: Account Lockout Examiner is third party software.

    This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    For more information please refer to following MS articles:

    Maintaining and Monitoring Account Lockout
    Troubleshooting Account Lockout

    Hope this helps!

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    TechNet Community Support

    Friday, September 7, 2012 2:57 AM
  • Hi,

    I would like to confirm what is the current situation? Have you resolved the problem?

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    TechNet Community Support

    Monday, September 10, 2012 2:06 AM
  • Thanks Nidhin,

    So in this case the EventLogged is should be in the PDC role server right ?

    /* Server Support Specialist */

    Saturday, June 1, 2013 1:03 AM
  • Hi Albert,

    If the client computer primary DNS server is directly pointing to PDC then the eventlog (Event ID 4740) will present only in PDC role DC.

    Else this event log will be present in PDC & the DC which is configured as primary DNS server of client machine.

    Short Note: All account lockout events will be present in PDC enabled DC.

    Regards, Nidhin.CK

    Saturday, June 1, 2013 8:07 PM