Solved

Locked out Account

Posted on 1998-03-31
38
563 Views
Last Modified: 2013-12-28
Currently we have had users accounts that are being locked out even after they are unlocked in user manager. 30 seconds or so later, they are locked out again even if the user is not using the computer indicated or attempting to log on to the network. This is seen in the Event Log every 30 seconds and verified in user manager for domains.
We're running NT4.0 Server with Service Pac 3

SUGGESTED SOLUTION:
0
Comment
Question by:lamar1
  • 13
  • 8
  • 6
  • +6
38 Comments
 
LVL 8

Expert Comment

by:MaDdUCK
ID: 1791531
Is this a PDC/BDC pair?
0
 
LVL 3

Expert Comment

by:biyiadeniran
ID: 1791532
From which workstion are they being locked out? Check if there is a saved password that  the workstion is trying to us automaticalyy
0
 
LVL 13

Expert Comment

by:akb
ID: 1791533
What is the entry in the Event Log?
0
 

Author Comment

by:lamar1
ID: 1791534
This is a windows 95 machine and a PDC. the error in the event
logs is as follows #539 See below. This person is locked out even when they are at home in bed. the system automatically locks the account. You can unlock it and about 30 seconds later it locks itself again.
Logon Failure:
       Reason:            Account locked out
       User Name:      a0195767
       Domain:      DE
       Logon Type:      3
       Logon Process:      KSecDD
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      \\SFELLOWS
0
 

Expert Comment

by:Eddyvdw
ID: 1791535
Check your user accounts for expiration dates.
This is done in the User Manager, choose your problem user, click the Account Icon. Check the date anjd maybe the system date also.
0
 

Author Comment

by:lamar1
ID: 1791536
The account is set to never expire, both the systems times and dates are correct..any other suggestions.
0
 
LVL 13

Expert Comment

by:akb
ID: 1791537
Are you running FAT or NTFS on the server?  Are you sharing any files on the server with this user?
0
 

Author Comment

by:lamar1
ID: 1791538
The OS is on a small Fat partition, the system files and all the shares are on NTFS. The person in question has access to about 2000 shares on the server. I actually fixed the problem, by creating a new user account, renaming his old account, and then renaming the new account to his old account name, while this fixed the problem, this comes up on a fairly regular basis, and I'm trying to determine the root cause, so I can fix it.
0
 
LVL 13

Expert Comment

by:akb
ID: 1791539
Make sure that every file and folder which the user is trying to access has Security Permissions set to allow Everyone Full access.  Also ensure that the shared permissions to the folders allow appropriate access to the user.

On the file server, go into NT Explorer and right click on a folder which the user needs to access.  Select Properties then Security, then Permissions.  Ensure 'Replace Permissions on Subdirectories' and 'Replace Permissions on Existing Files' is selected.   Make sure Everyone has Full Control.  Click OK.  Repeat this for every folder the user needs access to.

Now go to Share for each folder and ensure the user has appropriate permissions to access each folder.

0
 

Author Comment

by:lamar1
ID: 1791540
If you had read the orginal question, you would see that the problem is that the account is being automatically locked out every 30 seconds even when the guy is at home in bed..
The person in question doesn't have any probems at all if he can
logon as soon as I unlock his account. The problem has nothing to do with permissions on shares. It's an NT server account thing.
But thanks for your efforts

0
 

Expert Comment

by:satto
ID: 1791541
Do u have a BDC on the same network.
If so, try to promt the BDC to PDC, and then promt it back.
I sems like u database is corupt.

Satto

0
 
LVL 3

Expert Comment

by:petar
ID: 1791542
Have you re-applied SP3 on all servers?
0
 
LVL 3

Expert Comment

by:petar
ID: 1791543
I gather that means no, you ignorant ****!

Care to answer the question? Have you re-applied SP3 to
all the servers or have you NOT had to copy any files from
the original distribution disks since you applied them the first
time?
0
 
LVL 13

Expert Comment

by:akb
ID: 1791544
petar, that type of language is not appropriate here.  You have been using this site long enough to know better.  Lamar1 may need more than 19 minutes to reply to your question.  Are we trying to help the guy or abuse him?
0
 
LVL 3

Expert Comment

by:petar
ID: 1791545
ok, ok, ok. I have already sorted this out with lamar1.

Shall we continue?
0
 

Expert Comment

by:Eddyvdw
ID: 1791546
Is there an account lockout after bad login attempts?
What I'm thinking of is a program (e-mail, whatever) that runs somewhere and is trying to logon with the user name and a bad password.
0
 

Author Comment

by:lamar1
ID: 1791547
No, in fact I've had the user turn off the pc, just to be sure..lamar1
0
 

Expert Comment

by:Eddyvdw
ID: 1791548
Can't you do an audit on the user logins?
The bad logins could happen at another PC.
0
 

Author Comment

by:lamar1
ID: 1791549
OK, I'll check the security audit log, but this will take awhile
because there are a lot of users on this domain. I'll get back to you...Lamar
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:lamar1
ID: 1791550
In answer to MadDucks question earlier.
Is this a PDC/BDC pair?
No, its a PDC, and a windows 95 machine.

0
 

Author Comment

by:lamar1
ID: 1791551
In answer to biyiadeniran question earlier.From which workstion are they being locked out? Check if there is a saved password that  the workstion is trying to us automaticalyy
I had the user delete the pwl file and also had him add the registy key not to use or save cached passwords. This didn't help any. The use is being locked out on a windows 95 machine..

0
 

Expert Comment

by:Eddyvdw
ID: 1791552
You probably know this, but you can export the event log and import it in Excel or Access and search for the info.

0
 

Author Comment

by:lamar1
ID: 1791553
Yes I did, I export it into event admin, which puts it in an access database form, but it takes time. since the log is about 20mb..Lamar
0
 

Expert Comment

by:Eddyvdw
ID: 1791554
Hey lamar,

Is your problem solved? I'm a little curious for the solution.
0
 

Author Comment

by:lamar1
ID: 1791555
Look at the comment (above) dated Thursday, April 02 1998 - 04:05AM PST. The problem has always been fixed, I was trying to
determine what causes the problem in the first place..
I'm still looking for the root cause of this problem..Thanks to all, for your help and suggestions...Lamar
0
 

Expert Comment

by:oge
ID: 1791556
it sounds like there is a computer out there that is trying to
connect using this poor guys logonid.  When you have enabled
auditing, and checked the eventlog to find out which PC/server is using the logonid.
0
 

Expert Comment

by:Eddyvdw
ID: 1791557
oge: I've asked him before to check the event log.
I don't think lamar wants to check the log.
0
 
LVL 4

Accepted Solution

by:
sconnell earned 400 total points
ID: 1791558
How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791559
How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791560
How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791561
Is there a problem with the Expert Exchange s/w?   Why did it repeat my previous comment three times?
0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791562
Is there a problem with the Expert Exchange s/w?   Why did it repeat my previous comment three times?

Then I received this message while attempting to add this comment.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791563
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
0
 
LVL 4

Expert Comment

by:sconnell
ID: 1791564
Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
0
 

Author Comment

by:lamar1
ID: 1791565
Turns out it was a corrupted user database...looks like sconnell
wins the prize. Thanks to all of you that offered solutions.
0
 

Author Comment

by:lamar1
ID: 2631345
The problem actually turned out to be that the user was logged on to another PC with his old password. This was causing the account lockouts. As soon as the user found the pc he was logged on to with the old password, and logged off, the problem went away...Lamar
0
 
LVL 4

Expert Comment

by:sconnell
ID: 2705654
Wow, now that's from a long time ago!  Back in the days when I actually had time to answer questions.... now days, it seems that all I have are questions.  :-(

Looks like you encountered one of those NT quirks.  That's why I love my primary servers being Novell.
0
 

Author Comment

by:lamar1
ID: 2705738
We're stuck with gool ol Microsoft.
0

Featured Post

How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

Join & Write a Comment

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now