Admin Account Lockout

We have GFI Mail Archiver installed on a separate server from my Exchange server.  We will call this "server2".

Server2 is logged in as a domain admin account we will call "admin".

Whenever the Mail Archiver service is running on server2, the domain account admin gets locked out every 60 seconds.  I am NOT using the admin account anywhere in the Mail Archiver configuration, and the Mail Archiver service is running as local.

This is making it impossible for me to use GFI Mail Archiver.

Any ideas?

Thanks,

Joe
Joe Asked:
 
Exchange_Admin Commented:
Let me preface this with I have never used MailArchiver and have limited knowledge of SQL. But I thought I would throw in some thoughts.

"Now I start the MA service, and within 60 seconds my TOTALLY UNRELATED admin account "ABC" is now locked out on the domain."
1. Have you changed the password of this account lately? If so did this problem start after changing the password? If the answers to these questions are yes, what happens if you change the password back to what it was originally?

2. Could something in the SQL database be using this account? Maybe a predefined user or something like that? Like I said before my experience with SQL is VERY limited.

Hope this helps.
0
 
inbarasan Commented:
Dear JoeZ430,
You may use the lockout status tool and query your account. It will show the last bad pwd attempt on your user account. Then you can view the DC Security event log at that particular time. It will show from which system the attempt was made. Most of these are due to the following:

user account and Passwords stored in Internet explorer
user account and Passwords in Scheduled task
user account and Passwords stored for any services to start

http://www.microsoft.com/downloads/details.aspx?familyid=D1A5ED1D-CD55-4829-A189-99515B0E90F7&displaylang=en
You can download lockout status tool from the above link

Hope this helps

Cheers!
0
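The correlation inbarasan describes (take the lockout time, then read the DC Security log around it to find the source system), as an added example that is not part of the original thread. It assumes the Security log has been exported to `time,event_id,account,source` rows with the source normalised to a host name, uses the event IDs of Windows Server 2008 and later (4740, 4771, 4776; the Windows 2000 domain controllers in this thread log different IDs), and runs on constructed sample data.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import median

# Constructed sample rows (time,event_id,account,source), not real log data.
# 4740 = account locked out; 4771 / 4776 = failed Kerberos / NTLM validation.
SAMPLE = """\
2024-03-05 09:00:02,4771,ABC,SERVERARCHIVE
2024-03-05 09:00:12,4771,ABC,SERVERARCHIVE
2024-03-05 09:00:22,4776,ABC,SERVERARCHIVE
2024-03-05 09:00:25,4771,jsmith,WKS-014
2024-03-05 09:00:32,4771,ABC,SERVERARCHIVE
2024-03-05 09:00:42,4771,ABC,SERVERARCHIVE
2024-03-05 09:00:42,4740,ABC,SERVERARCHIVE
2024-03-05 09:03:10,4771,ABC,WKS-022
"""
FAILURE_IDS = {4771, 4776}
LOCKOUT_ID = 4740

def parse(text):
    """Turn exported rows into sorted (time, event_id, account, source) tuples."""
    rows = []
    for line in text.strip().splitlines():
        ts, eid, account, source = line.split(",")
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        rows.append((when, int(eid), account.lower(), source.upper()))
    return sorted(rows)

def explain_lockouts(rows, window=timedelta(minutes=5)):
    """For each lockout, report which hosts sent bad passwords just before it."""
    findings = []
    for when, eid, account, _ in rows:
        if eid != LOCKOUT_ID:
            continue
        prior = [(t, src) for t, e, a, src in rows
                 if e in FAILURE_IDS and a == account and when - window <= t <= when]
        times = [t for t, _ in prior]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Evenly spaced failures point to a service, scheduled task or stored
        # credential retrying on a timer rather than a person typing.
        periodic = len(gaps) >= 3 and max(gaps) - min(gaps) <= 2
        findings.append({"account": account, "locked_at": when,
                         "sources": Counter(s for _, s in prior).most_common(),
                         "median_gap_s": median(gaps) if gaps else None,
                         "periodic": periodic})
    return findings

if __name__ == "__main__":
    for finding in explain_lockouts(parse(SAMPLE)):
        print(finding)
```

A single dominant source with a fixed retry interval narrows the search to services, scheduled tasks and saved credentials on that one host.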
 
Joe (Author) Commented:
inbarasan,

Thank you for the fast reply, I downloaded this tool this morning and have been using it. We do have this account starting the Mail Archiver service which then triggers the lockout. The weird part is, it does not matter who is logged into the server, you can be logged in as a different user and it will still lock out our one account. We have even tried to use a different account for the service and it still locked out our one admin account. Do you have any other ideas or suggestions?

Thanks,

Joe
0
 
Joe (Author) Commented:
Here is a list of things we have already tried.

Logging in as a different admin into the server, and starting the service with a different admin account. (Still locks the other admin account)

Uninstalled GFI Mail Archiver and deleted every instance of this program within the registry and the program files. (Still locks out our admin account)

Reinstalled GFI Mail Archiver, same problems still exist. (still locks out our admin account)

GFI support has been on this problem and has been handed off to the developer. (Which may be time consuming)

Does anybody have any more suggestions that we could try?

Thanks Again,

Joe

0
 
Joe (Author) Commented:
* Uninstalled GFI Mail Archiver and deleted every instance of this program within the registry and the program files. (Still locks out our admin account)

Sorry, when I said this still locks our admin account, I meant that when the service for GFI Mail Archiver is started, that same account still gets locked out.
0
 
poweruser32 Commented:
Did you install the GFI locally rather than logging onto the domain?
0
 
Joe (Author) Commented:
We have not tried to install this locally. If we logged into the local account of the server will this affect any services using a domain account?
0
 
poweruser32 Commented:
I couldn't see how it could.
0
 
Joe (Author) Commented:
Okay, we will have to try this after lunch. Thank you for the suggestion.

Joe
0
 
poweruser32 Commented:
Okay, give us a buzz to see how you got on.
0
 
Joe (Author) Commented:
poweruser32,

Our local account is the same as our domain admin account. Do you think this would have the same effect as just using the domain account?
0
 
poweruser32 Commented:
No, by local I mean logging on locally to the server, not onto the domain. You know the option in the last box: choose the computer name, not the domain.
0
 
Stacy Spear (President/Principal Consultant) Commented:
You don't have GFI running under its own account? Services that require domain credentials should run under their own account. If you are compromised then by having separate accounts, you can ID immediately what is compromised.
0
 
Joe (Author) Commented:
We tried to log in to the local account to run the service locally, this still managed to lock our domain admin account. GFI is running on our domain admin account that is being used by other resources too.
0
 
Stacy Spear (President/Principal Consultant) Commented:
You can't change the account GFI is running under? If GFI is hosing it and preventing the other services from running too, I would change it.
0
 
Joe (Author) Commented:
We have used another Admin account for the GFI service to no avail, it still locks the other admin account.
0
 
Stacy Spear (President/Principal Consultant) Commented:
I am still confused how the local account you are running under now has access to the other server. Local account means just that. Not a GFI user so not familiar with how it runs.
0
 
PC_Rob Commented:
darkstar3d,

I work with JoeZ, and we are working on this problem together.  The issue is like nothing I have seen before.

It does not matter what account we log into the server as, run MailArchiver(MA) services as, or run SQL services as.  No matter what we do to any or all of those just listed, the MA service still locks the one admin account on the domain 60 seconds after it starts.  Here is a more detailed example:

ServerMail = our Exchange server
ServerArchive = the server we have SQL and MailArchiver running on.

ServerArchive is logged in to Windows 2000 server as domain admin account "123"
ServerArchive's MA service is running logged in as account 123
ServerArchive SQL server service is running as account 123

Now I start the MA service, and within 60 seconds my TOTALLY UNRELATED admin account "ABC" is now locked out on the domain.  ABC will not lock out if the MA service is off, even if left all day.

Nowhere in MailArchiver is the ABC user specified.

I hope this makes it easier to understand, although it makes no sense at all.

Any other thoughts?

Thanks,

Rob
0
 
PC_Rob Commented:
Exchange_Admin

The "ABC" account password has not been changed recently, and the account only started locking out after MailArchiver was installed and the service started moving emails from Exchange to the SQL database.

I have removed all references of "ABC" account from SQL server because I thought the same thing, and it still happens.

Is there any way to trace the exact process that is locking out an account?  We have used all the lockout tools Microsoft recommends, and they simply are not providing enough detail.

Thanks,

Rob
0
 
Stacy Spear (President/Principal Consultant) Commented:
So GFI is logging into the mail store to do its work. Which account is it using for that? I may be confused, again not a GFI user. But if the archiver is moving mail out of the user's mailbox and into the archive and the message is no longer available to the user, then its account can't be local to ServerArchiver. It needs access to the stores which are on mailserver. It needs a domain account to do this with.
0
 
PC_Rob Commented:
MA uses a domain account to grab the journaled email from the "journal" mailbox.  This is not the account that is locking out.

We have now confirmed this to be on the SQL server end where MA writes the emails to for archiving.  We switched the MA configuration to point to a database on another server, and the lockouts went away.  This is not the solution, as that was just a test so we need to find out what inside SQL server 2000 is harboring old bad login credentials for this "ABC" account.  We have, to the best of our knowledge, removed all references to the ABC account from that SQL server, and it is still happening.  We are missing something in there.

Rob
0
 
Stacy Spear (President/Principal Consultant) Commented:
Did you check the database itself? You can use domain accounts for permissions to a DB.  Or it could be a stored procedure running under the ABC account.
0
 
PC_Rob Commented:
Still no go.  We have searched that server top to bottom, and removed every instance of the ABC account, and it still locks that account out on the domain as soon as the MA service starts.
0
 
Joe (Author) Commented:
Yes, this problem is very strange..
0
 
Stacy Spear (President/Principal Consultant) Commented:
Can you run netmon on the sql server and see what machines connect to it once the MA starts up?
0
 
Joe (Author) Commented:
Thanks guys.
0
Question has a verified solution.