Locked out Account

Is this a PDC/BDC pair?

From which workstion are they being locked out? Check if there is a saved password that  the workstion is trying to us automaticalyy

What is the entry in the Event Log?

This is a windows 95 machine and a PDC. the error in the event
logs is as follows #539 See below. This person is locked out even when they are at home in bed. the system automatically locks the account. You can unlock it and about 30 seconds later it locks itself again.
Logon Failure:
       Reason:            Account locked out
       User Name:      a0195767
       Domain:      DE
       Logon Type:      3
       Logon Process:      KSecDD
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      \\SFELLOWS

Check your user accounts for expiration dates.
This is done in the User Manager, choose your problem user, click the Account Icon. Check the date anjd maybe the system date also.

The account is set to never expire, both the systems times and dates are correct..any other suggestions.

Are you running FAT or NTFS on the server?  Are you sharing any files on the server with this user?

The OS is on a small Fat partition, the system files and all the shares are on NTFS. The person in question has access to about 2000 shares on the server. I actually fixed the problem, by creating a new user account, renaming his old account, and then renaming the new account to his old account name, while this fixed the problem, this comes up on a fairly regular basis, and I'm trying to determine the root cause, so I can fix it.

Make sure that every file and folder which the user is trying to access has Security Permissions set to allow Everyone Full access.  Also ensure that the shared permissions to the folders allow appropriate access to the user.

On the file server, go into NT Explorer and right click on a folder which the user needs to access.  Select Properties then Security, then Permissions.  Ensure 'Replace Permissions on Subdirectories' and 'Replace Permissions on Existing Files' is selected.   Make sure Everyone has Full Control.  Click OK.  Repeat this for every folder the user needs access to.

Now go to Share for each folder and ensure the user has appropriate permissions to access each folder.

If you had read the orginal question, you would see that the problem is that the account is being automatically locked out every 30 seconds even when the guy is at home in bed..
The person in question doesn't have any probems at all if he can
logon as soon as I unlock his account. The problem has nothing to do with permissions on shares. It's an NT server account thing.
But thanks for your efforts

Do u have a BDC on the same network.
If so, try to promt the BDC to PDC, and then promt it back.
I sems like u database is corupt.

Satto

Have you re-applied SP3 on all servers?

I gather that means no, you ignorant ****!

Care to answer the question? Have you re-applied SP3 to
all the servers or have you NOT had to copy any files from
the original distribution disks since you applied them the first
time?

petar, that type of language is not appropriate here.  You have been using this site long enough to know better.  Lamar1 may need more than 19 minutes to reply to your question.  Are we trying to help the guy or abuse him?

ok, ok, ok. I have already sorted this out with lamar1.

Shall we continue?

Is there an account lockout after bad login attempts?
What I'm thinking of is a program (e-mail, whatever) that runs somewhere and is trying to logon with the user name and a bad password.

No, in fact I've had the user turn off the pc, just to be sure..lamar1

Can't you do an audit on the user logins?
The bad logins could happen at another PC.

OK, I'll check the security audit log, but this will take awhile
because there are a lot of users on this domain. I'll get back to you...Lamar

In answer to MadDucks question earlier.
Is this a PDC/BDC pair?
No, its a PDC, and a windows 95 machine.

In answer to biyiadeniran question earlier.From which workstion are they being locked out? Check if there is a saved password that  the workstion is trying to us automaticalyy
I had the user delete the pwl file and also had him add the registy key not to use or save cached passwords. This didn't help any. The use is being locked out on a windows 95 machine..

You probably know this, but you can export the event log and import it in Excel or Access and search for the info.

Yes I did, I export it into event admin, which puts it in an access database form, but it takes time. since the log is about 20mb..Lamar

Hey lamar,

Is your problem solved? I'm a little curious for the solution.

Look at the comment (above) dated Thursday, April 02 1998 - 04:05AM PST. The problem has always been fixed, I was trying to
determine what causes the problem in the first place..
I'm still looking for the root cause of this problem..Thanks to all, for your help and suggestions...Lamar

it sounds like there is a computer out there that is trying to
connect using this poor guys logonid.  When you have enabled
auditing, and checked the eventlog to find out which PC/server is using the logonid.

oge: I've asked him before to check the event log.
I don't think lamar wants to check the log.

How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

Is there a problem with the Expert Exchange s/w?   Why did it repeat my previous comment three times?

Is there a problem with the Expert Exchange s/w?   Why did it repeat my previous comment three times?

Then I received this message while attempting to add this comment.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

Turns out it was a corrupted user database...looks like sconnell
wins the prize. Thanks to all of you that offered solutions.

The problem actually turned out to be that the user was logged on to another PC with his old password. This was causing the account lockouts. As soon as the user found the pc he was logged on to with the old password, and logged off, the problem went away...Lamar

Wow, now that's from a long time ago!  Back in the days when I actually had time to answer questions.... now days, it seems that all I have are questions.  :-(

Looks like you encountered one of those NT quirks.  That's why I love my primary servers being Novell.

We're stuck with gool ol Microsoft.