Malli Boppe

Windows 2003 Active Directory account lockout

I have an account which gets locked out every 2 minutes. I don't understand why it's getting locked out. I have downloaded altools but I can find it really helpful. Any suggestions or any other tools which would tell me why this account's getting locked out?
ASKER CERTIFIED SOLUTION
Toni Uranjek
This solution is only available to members.
SOLUTION
Jejin Joseph
ASKER

On our DCs I can find any event ID 529
Do you have Logon/logoff and Account logon auditing enabled in Default Domain Controllers policy?
This article might be of interest.
http://support.gfi.com/manuals/en/lanselm5/lanselm5manual-1-33.html

Make sure that you have enabled account logon events for failure.
Where can I enable that?
Go to Group Policy Management Console, right click Default Domain Controller Policy Group Policy Objects, and then click Edit. Expand the following nodes in the following order: Computer Configuration, Windows Settings, Security Settings, Local Policies and then Audit Policy. Double click Account Logon, click the Audit Successful Attempts and/or the Audit Failed Attempts. Repeat the same procedure for Logon/logoff events.
I enabled the logging but still can't see any event ID 529. Instead I see the following error in the System event log of the DC. The server on which this account was used by an application has had 0Mb free space for a while; I just cleared up the space today. Any suggestions on how I can fix that? I don't want to reset the password as it might break the application that we are running.

The SAM database was unable to lockout the account of ? due to a resource
error, such as a hard disk write failure (the specific error code is in the
error data) . Accounts are locked after a certain number of bad passwords
are provided so please consider resetting the password of the account
mentioned above.

I have already cleared the space.
The password was never changed and account was created to never expire the password.
I don't want to reset the password.
I have reset the password. But it still keeps locking out.
MANGO247

I have a similar problem. In my case I can locate the event ID 529 but it only suggests the name of my domain controller. I can't trace the machine that is actually causing it.

Here is Event 529
Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      userfirstname.lastname
       Domain:            
       Logon Type:      3
       Logon Process:      Advapi  
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      mydomaincontroller
       Caller User Name:      mydomaincontroller$
       Caller Domain:      mydomain
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      5772
       Transited Services:      -
       Source Network Address:      -
       Source Port:      -

Here is Event 644
User Account Locked Out:
       Target Account Name:      userfirstname.lastname
       Target Account ID:      mydomain\userfirstname.lastname
       Caller Machine Name:      mydomaincontroller
       Caller User Name:      mydomaincontroller$
       Caller Domain:      mydomain
       Caller Logon ID:      (0x0,0x3E7)
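
Added example (not part of the thread): a small Python parser for the Event 529 text layout quoted above that picks out the field most worth chasing when the event names only the domain controller. The sample event and its names (`svc.app`, `DC01`, `EXAMPLE`) are constructed, and the `lockout_lead` triage rule is an assumption of this example, not a Microsoft tool.

```python
import re

# Constructed sample in the layout of the Event 529 text quoted above
# (hypothetical names, not taken from a real log).
SAMPLE_529 = """Logon Failure:
       Reason:            Unknown user name or bad password
       User Name:      svc.app
       Domain:
       Logon Type:      3
       Logon Process:      Advapi
       Workstation Name:      DC01
       Caller User Name:      DC01$
       Caller Domain:      EXAMPLE
       Caller Logon ID:      (0x0,0x3E7)
       Caller Process ID:      5772
       Source Network Address:      -
"""

def parse_event(text):
    """Turn indented 'Field Name:   value' lines into a dict; '-' and blanks become None."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s+([^:]+):\s*(.*?)\s*$", line)
        if m:
            value = m.group(2)
            fields[m.group(1).strip()] = None if value in ("", "-") else value
    return fields

def lockout_lead(fields):
    """Return (kind, detail) naming the field most worth chasing (hypothetical rule)."""
    addr = fields.get("Source Network Address")
    wks = fields.get("Workstation Name")
    caller = (fields.get("Caller User Name") or "").rstrip("$")
    if addr:
        return ("remote", addr)
    # 0x3E7 is the Local System logon session. With the machine account as
    # caller and its own name as workstation, a process on the server that
    # logged the event submitted the credentials, so the process ID is the lead.
    logon_id = (fields.get("Caller Logon ID") or "").upper()
    if logon_id.endswith("0X3E7)") and wks and wks.lower() == caller.lower():
        return ("local-process", fields.get("Caller Process ID"))
    if wks:
        return ("workstation", wks)
    return ("unknown", None)

if __name__ == "__main__":
    print(lockout_lead(parse_event(SAMPLE_529)))
```

A `local-process` result points at a process on the server that logged the event; match the returned ID against the PID column of the running processes on that server while the failures are still occurring.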