Solved

I keep getting locked out!

Posted on 2004-04-21
12
1,001 Views
Last Modified: 2010-04-13
Surely some of you admins have seen this...anyone have an answer?

I'm in a W2k AD.
Seems like every time I change my password, I go through about 2 weeks of having it lock on me for no apparent reason.
I'll be navigating thru my servers and all of a sudden get the "attempt to compromise security" message, or simpy a message that my account is locked out.

I'm sure the reason is that somewhere among the 140+ servers I support, I locked the remote console instead of logging out (or at least partially sure).

a) any way around this
b) any way of determining if my account is logged on elsewhere?

TIA
0
Comment
Question by:sirbounty
  • 5
  • 3
  • 2
  • +1
12 Comments
 
LVL 7

Assisted Solution

by:magus123
magus123 earned 75 total points
ID: 10879547
i am sure you caon probably do some auditing policy are something of that nature.
your delima represents a security issue , permission issue , request issue etc.
you should have a policy in place to track logon requests , user and group manamagment etc
forthe admin account

i would setup up a audit that tracks all deny logon requests for the network.

have you checked  AD to see if no one else has the same power as you

etc....
0
 
LVL 1

Assisted Solution

by:ninpokai
ninpokai earned 75 total points
ID: 10880909
Not sure if this is the same problem as what I had.  For some reason after I changed my password i would, periodically, throughout the day get locked out.  I would have to get back in and unlock my account and then a couple of hours later I got locked out again.  I simply took my workstation back to a workgroup and rejoined the domain and it's been fine since...not sure why it worked or why it happened...let me know how it does.

Nin
0
 
LVL 67

Author Comment

by:sirbounty
ID: 10883018
>magus123 - I think I'd have to set up this policy across the enterprise - wouldn't I?  Not something I'm prepared to do.
Also, it's not like I've tried logging in with the wrong password - I am logged on for an hour or more before the 'weirdness' kicks in...

>ninpokai - Hmm - almost sounded like this would be on the right track, but I've experienced this problem through about 4 rebuilds now (over a year or longer) - so I don't think that'd do it...If no other suggestions, I may still give it a shot though.. Thanx.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 7

Expert Comment

by:magus123
ID: 10886312
i would not use audting or tracking on  very large enterprise , as it would slow down traffic and
cause behaviors , its only ment for samller local intranets. i would wait for someone that has
more experience to post .

have looked on ms support for known lockout issues in AD
0
 
LVL 67

Author Comment

by:sirbounty
ID: 10888608
Strange thing is - it's happening with both of my accounts.
I have an 'admin' account and a 'user' account.  I change the password on both at the same time, so they'll stay in synch.
I know I wouldn't have used my user account elsewhere...it's only used to get into my email - and I was in there fine and working when it locked on me... :(
0
 
LVL 1

Expert Comment

by:ninpokai
ID: 10888635
have you logged out of the domain and back in...??? Just curious if you user profile is corrupted for some reason...
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 100 total points
ID: 10890295
I actually saw this thread yesterday, and gave it some thought..  Nothing really came to mind so I thought I would just wait for a brilliant answer to your problem...  :)

This probably does not apply to your situation, but..

http://support.microsoft.com/?kbid=275508

What about using a 15 char password (if you are not already..)  Take the LM hash out of the mix..  You could even use a null char (a) to string it out..   Know I am grasping here, but what the heck..
0
 
LVL 67

Author Comment

by:sirbounty
ID: 10893620
straws are okay with me - I'll check that option on Monday FE.
Yes, I've rebooted and logged out several times...seems to happen every time I've changed my password
0
 
LVL 67

Author Comment

by:sirbounty
ID: 10908907
FE - it may be Thursday or the following Monday b4 I can test this...I've got a ton of server upgrades this week, so I'll be WAH...
I'll keep you posted though - thanx.
0
 
LVL 67

Author Comment

by:sirbounty
ID: 10927314
Looks like, as suspected, I had locked a @# server console somewhere...a peer stumbled across it last night...
Thanx for the help though - I'm sure this will help someone. :D
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10928063
With that many servers, I suspect it is not hard to do..!!!  Since I only maintain 5 servers, and I have done the same thing, I have no room to say a word..!!!    :)  

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 10928102
BTW:  thankQ SB...  Wish we could have helped more though..  :)
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Use Windows Task Scheduler to print a Word document weekly so your printer ink won't dry out.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question