Locked out Account

Currently we have had user accounts that are being locked out even after they are unlocked in User Manager. 30 seconds or so later, they are locked out again even if the user is not using the computer indicated or attempting to log on to the network. This is seen in the Event Log every 30 seconds and verified in User Manager for Domains.
We're running NT 4.0 Server with Service Pack 3.

lamar1Asked:

MaDdUCKCommented:
Is this a PDC/BDC pair?
0
biyiadeniranCommented:
From which workstation are they being locked out? Check if there is a saved password that the workstation is trying to use automatically.
0
akbCommented:
What is the entry in the Event Log?
0
lamar1Author Commented:
This is a Windows 95 machine and a PDC. The error in the event logs is as follows, #539, see below. This person is locked out even when they are at home in bed. The system automatically locks the account. You can unlock it and about 30 seconds later it locks itself again.
Logon Failure:
       Reason:            Account locked out
       User Name:      a0195767
       Domain:      DE
       Logon Type:      3
       Logon Process:      KSecDD
       Authentication Package:      MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
       Workstation Name:      \\SFELLOWS
0
EddyvdwCommented:
Check your user accounts for expiration dates.
This is done in the User Manager: choose your problem user, click the Account icon. Check the date and maybe the system date also.
0
lamar1Author Commented:
The account is set to never expire, and both the systems' times and dates are correct. Any other suggestions?
0
akbCommented:
Are you running FAT or NTFS on the server?  Are you sharing any files on the server with this user?
0
lamar1Author Commented:
The OS is on a small FAT partition, the system files and all the shares are on NTFS. The person in question has access to about 2000 shares on the server. I actually fixed the problem by creating a new user account, renaming his old account, and then renaming the new account to his old account name. While this fixed the problem, this comes up on a fairly regular basis, and I'm trying to determine the root cause, so I can fix it.
0
akbCommented:
Make sure that every file and folder which the user is trying to access has Security Permissions set to allow Everyone Full access.  Also ensure that the shared permissions to the folders allow appropriate access to the user.

On the file server, go into NT Explorer and right click on a folder which the user needs to access.  Select Properties then Security, then Permissions.  Ensure 'Replace Permissions on Subdirectories' and 'Replace Permissions on Existing Files' is selected.   Make sure Everyone has Full Control.  Click OK.  Repeat this for every folder the user needs access to.

Now go to Share for each folder and ensure the user has appropriate permissions to access each folder.

0
lamar1Author Commented:
If you had read the original question, you would see that the problem is that the account is being automatically locked out every 30 seconds even when the guy is at home in bed.
The person in question doesn't have any problems at all if he can log on as soon as I unlock his account. The problem has nothing to do with permissions on shares. It's an NT server account thing.
But thanks for your efforts.

0
sattoCommented:
Do you have a BDC on the same network?
If so, try to promote the BDC to PDC, and then promote it back.
It seems like your database is corrupt.

Satto

0
petarCommented:
Have you re-applied SP3 on all servers?
0
petarCommented:
I gather that means no, you ignorant ****!

Care to answer the question? Have you re-applied SP3 to all the servers or have you NOT had to copy any files from the original distribution disks since you applied them the first time?
0
akbCommented:
petar, that type of language is not appropriate here.  You have been using this site long enough to know better.  Lamar1 may need more than 19 minutes to reply to your question.  Are we trying to help the guy or abuse him?
0
petarCommented:
ok, ok, ok. I have already sorted this out with lamar1.

Shall we continue?
0
EddyvdwCommented:
Is there an account lockout after bad login attempts?
What I'm thinking of is a program (e-mail, whatever) that runs somewhere and is trying to logon with the user name and a bad password.
0
lamar1Author Commented:
No, in fact I've had the user turn off the pc, just to be sure..lamar1
0
EddyvdwCommented:
Can't you do an audit on the user logins?
The bad logins could happen at another PC.
0
lamar1Author Commented:
OK, I'll check the security audit log, but this will take a while because there are a lot of users on this domain. I'll get back to you...Lamar
0
lamar1Author Commented:
In answer to MaDdUCK's question earlier:
Is this a PDC/BDC pair?
No, it's a PDC, and a Windows 95 machine.

0
lamar1Author Commented:
In answer to biyiadeniran's question earlier: From which workstation are they being locked out? Check if there is a saved password that the workstation is trying to use automatically.
I had the user delete the pwl file and also had him add the registry key not to use or save cached passwords. This didn't help any. The user is being locked out on a Windows 95 machine.

0
EddyvdwCommented:
You probably know this, but you can export the event log and import it in Excel or Access and search for the info.

0
lamar1Author Commented:
Yes I did, I export it into event admin, which puts it in an Access database form, but it takes time, since the log is about 20 MB...Lamar
0
EddyvdwCommented:
Hey lamar,

Is your problem solved? I'm a little curious for the solution.
0
lamar1Author Commented:
Look at the comment (above) dated Thursday, April 02 1998 - 04:05AM PST. The problem has always been fixed, I was trying to
determine what causes the problem in the first place..
I'm still looking for the root cause of this problem..Thanks to all, for your help and suggestions...Lamar
0
ogeCommented:
It sounds like there is a computer out there that is trying to connect using this poor guy's logonid.  When you have enabled auditing, and checked the eventlog to find out which PC/server is using the logonid.
0
EddyvdwCommented:
oge: I've asked him before to check the event log.
I don't think lamar wants to check the log.
0
S ConnellyTechnical WriterCommented:
How about:
Disconnecting the PDC from the network altogether and see if it locks out an account (without any possibility of interference from a client station).  If the account doesn't lock out, reconnect to the network and disable one network segment at a time....until you pinpoint the external problem location.   If it's internal, it's likely a corrupted user database.....been there done that although I've never heard of this specific problem!!

0

S ConnellyTechnical WriterCommented:
Is there a problem with the Expert Exchange s/w?   Why did it repeat my previous comment three times?

Then I received this message while attempting to add this comment.

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@experts-exchange.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
0
lamar1Author Commented:
Turns out it was a corrupted user database...looks like sconnell wins the prize. Thanks to all of you that offered solutions.
0
lamar1Author Commented:
The problem actually turned out to be that the user was logged on to another PC with his old password. This was causing the account lockouts. As soon as the user found the pc he was logged on to with the old password, and logged off, the problem went away...Lamar
0
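An added example (not part of the original thread): one way to do the audit-log check that Eddyvdw and oge suggest, tallying logon-failure records per workstation for a single user so the machine sending the bad passwords stands out. It assumes failure auditing is enabled and the events were exported as text blocks in the layout of the event quoted earlier, separated by blank lines; the sample records, the hosts OLDPC and DESK2, and the user b0000001 are constructed.

```python
import re
from collections import Counter, defaultdict

BAD_PW = "Unknown user name or bad password"  # attempts that trip the lockout
LOCKED = "Account locked out"                 # the symptom quoted in the thread

def _event(reason, user, ws):
    # Constructed record in the layout of the event quoted in the thread.
    return (f"Logon Failure:\n\tReason:\t\t{reason}\n\tUser Name:\t{user}\n"
            f"\tDomain:\t\tDE\n\tLogon Type:\t3\n\tWorkstation Name:\t\\\\{ws}\n")

# Constructed sample export (assumption: one record per blank-line-separated block).
SAMPLE = "\n".join(_event(*e) for e in [
    (BAD_PW, "a0195767", "OLDPC"), (BAD_PW, "a0195767", "OLDPC"),
    (BAD_PW, "b0000001", "DESK2"), (BAD_PW, "a0195767", "OLDPC"),
    (LOCKED, "a0195767", "OLDPC"), (LOCKED, "a0195767", "SFELLOWS"),
])

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*?)\s*$")

def parse_records(text):
    """Return one dict of 'Field Name' -> value per exported event record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = FIELD.match(line)
            if m and m.group(2):          # skips the bare "Logon Failure:" header
                fields[m.group(1).strip()] = m.group(2)
        if "User Name" in fields:
            records.append(fields)
    return records

def failure_sources(text, user):
    """Count failed logons for `user` per workstation, grouped by failure reason."""
    by_reason = defaultdict(Counter)
    for rec in parse_records(text):
        if rec["User Name"].lower() == user.lower():
            ws = rec.get("Workstation Name", "(none)").lstrip("\\").upper()
            by_reason[rec.get("Reason", "(unknown)")][ws] += 1
    return by_reason

def likely_source(text, user):
    """Workstation responsible for most bad-password attempts, or None."""
    bad = failure_sources(text, user).get(BAD_PW)
    return bad.most_common(1)[0][0] if bad else None

if __name__ == "__main__":
    print(likely_source(SAMPLE, "a0195767"))
```

The "Account locked out" records only show where logons were refused after the lockout; the bad-password records that precede them are the ones that point at the machine still using the old password.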
S ConnellyTechnical WriterCommented:
Wow, now that's from a long time ago!  Back in the days when I actually had time to answer questions.... nowadays, it seems that all I have are questions.  :-(

Looks like you encountered one of those NT quirks.  That's why I love my primary servers being Novell.
0
lamar1Author Commented:
We're stuck with good ol' Microsoft.
0