Win 2000 Dial up account lockouts out intermittently

Windows 2000  Domain account  will lock out at various times during the day, everyday.   It is a Dial up account with domain user access.  account settings are correct.  She is not logged on to any other machine, and she is the only user at this site.  we have run virus scanner with nothing found. we cannot find anything in the event viewer other than she logged on successfuly. She has no mapped drives. user states that the computer will boot her out and then the account will lock her out.  she is the only one at this site and she has not given her un or pw to anyone.  she does not have a pc at home that she tries to dail in with.  When the user leaves at the end of the day she disconnects from the domain and the next morning her account is locked out.
LVL 1
SecuritasAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Debsyl99Commented:
Hi
Have you enabled failure auditing of logon events at the server? Just in case there is some service trying to run under her credentials with an outdated password...

Deb :))
0
SecuritasAuthor Commented:
We feel confident the problem has been resolved now. The user in question was a remote user who was connecting through a dial-up account, then using VPN client software to make a tunnel to our OC. When the pc in question was setup it was joined to our domain, the user had been logging into the pc using the cached domain account. At this point the problem came to be when either:

A- The users p/w had expired and was changed.

or

B- The user forgets p/w and has helpdesk reset it for them.

What we beleive was happening is that once they log on with the cached account, then make there connection and tunnel, that cached account is trying to authenticate to something on the domain, that p/w is different then there current p/w and locking out the account. Fortunately the user new there original password and we changed there account to that. The users account has not locked out in several days.

As a side note we did have failure auditing of logon events turned on but for some reason could find any for the account in question. Thank you Debsyl99.

I will work with the rest of our team to figure out a better solution for our remote users so this can be avoided in the future. Maybe we will have them just logon with a local account.

I was not the original tech to work on the issue so I have stated all the facts to the best of my knowledge and hope this can help someone out in the future.


Thanks,
Ron Z
0
Debsyl99Commented:
That's great - Suggest you post a question in Community Support, including a link to this one and request PAQ and refund,
All the best,
Deb :))
0
moduloCommented:
Closed, 500 points refunded.

modulo
Community Support Moderator
Experts Exchange
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.