Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
AD user continuously gets account locked out
- Thread starter almaragni
- Start date
- Thread starter
- #3
Thanks for the tip. We checked scheduled tasks on all servers and pc's involved; but no luck.
We even also changed the password - thinking maybe a change of pace would avoid errors. Still no luck.
Thanks anyway. Maybe someone has another hint.
We even also changed the password - thinking maybe a change of pace would avoid errors. Still no luck.
Thanks anyway. Maybe someone has another hint.
NickFerrar
MIS
Download and run MS's account lockout tools, they can help track down the source of the problem. Lots of stuff can cause it, you also need to check security logs on each DC (assuming you have multiple DCs).
Hardest one I've had to track down turned out be be a disconnected terminal service session, seems although it's disconnected it still polls occassionally and the password is checked so if you leave a disconnected session then change your password you get lockouts after a while.
Hardest one I've had to track down turned out be be a disconnected terminal service session, seems although it's disconnected it still polls occassionally and the password is checked so if you leave a disconnected session then change your password you get lockouts after a while.
I was continuously getting locked out once and it turned out to be some old creds running through sql server reporting services (scheduled delievery). Not saying that this is your problem, just giving an example - because it can be really hard to track down.
biglebowski
Technical User
Check for any services that run under the domain account they may have the wrong password.
When I was born I was so suprised I didn't talk for 18 months
When I was born I was so suprised I didn't talk for 18 months
monsterjta
IS-IT--Management
Do you see any failed security events being logged for that user account? If so, it could be possible that this user account is being password guessed. If that's the case, you should be able to track the source using information in the event logs.
Hope This Helps,
Good Luck!
(Enamoration by Automation)
Hope This Helps,
Good Luck!
(Enamoration by Automation)
- Thread starter
- #8
Thanks everyone so far. GOt some good leads.
Got a login watcher- downloaded - and trying to figure out how to use.
Also looked at security log and found hidden under system user - PRE-AUTHENTICATION errors ... KRBTGT service..
am checking into this first
Got a login watcher- downloaded - and trying to figure out how to use.
Also looked at security log and found hidden under system user - PRE-AUTHENTICATION errors ... KRBTGT service..
am checking into this first
- Thread starter
- #9
Well no luck yet...
THe logon tool was only able to show me the accoount and reset the lockout. The log viewer showed me "675" pre-authentication failure audits - but these were coming all from my citrix box .. which indicates that they are most likely the result of the lockout - not the cause.
Are there some other helpful hints out there?
Thank you
THe logon tool was only able to show me the accoount and reset the lockout. The log viewer showed me "675" pre-authentication failure audits - but these were coming all from my citrix box .. which indicates that they are most likely the result of the lockout - not the cause.
Are there some other helpful hints out there?
Thank you
I have seen this many times when a user is left logged onto a machine somewhere and forgot they were logged on. they log onto a second machine and later change their password. The first machine periodically checks in with the DC and passes the old credentials quickly causing a lockout.
You can use vbscript to query all of your Workstations & DCs to see where the user is getting locked out from.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
You can use vbscript to query all of your Workstations & DCs to see where the user is getting locked out from.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
- Status
Similar threads
- Locked
- Question
- Locked
- Question
