Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


LAN Credentials repeatedly lock out

Posted on 2007-10-08
Medium Priority
Last Modified: 2008-11-17
LAN Credentials repeatedly lock out
Question by:Accountant
  • 2
LVL 13

Accepted Solution

Yancey Landrum earned 336 total points
ID: 20035324

I find I just use EventCombMT.exe pretty much exclusively. Basically, it searches the security event logs of your domain controllers (or any machines you specify) to determine from which machine the creds are being locked. There are canned searches too, or you can customize to look for specific event ids containing specific text.

Assisted Solution

ncrones earned 332 total points
ID: 20261378
if it is tied to a user am betting you have either
1) an old mapped drive somewhere
2) a service set running

that are using old credentials that keeps trying to connect at login/startup.

Checked your mapped drives - delete and recreate and/or reset the password on each. in case of service running just reset the password.

typically happens as a support person running around fixing issues and forgetting to drop a temp mapped drive and/or setting a service to run with user credentials
LVL 13

Expert Comment

by:Yancey Landrum
ID: 20265086
Those would definitely be some things to check once you've identified from which machine the invalid credentials are coming. For us, it was not a service logged in with user creds, but a service that was using its own stored creds to contact its server (McAfee Framework service, to be exact).

Another culprit could be windows' saved passwords. In XP, Control Panel / User Accounts / Advanced / Manage Passwords.

But first you gotta figure out which machine. Using EventCombMT, search all your DCs' security logs for failure audits containing event 680. Put the user name that keeps getting locked out in the "Text:" field. After the search, look in the resulting txt files (start with the largest one) for error 0xC000006A; there should be a number of them corresponding to your domain's lockout policy. Each one of those lines will list a workstation; that will be the one that is sending the wrong password and locking out the account. The other lines listing error code 0xC0000234 are where machines/users tried to access the account after it was locked out.


Assisted Solution

rjmedina earned 332 total points
ID: 21673360
Another possibility: do you use Remote Desktop/Terminal Services?  

If you/someone left the account in question logged into a Remote Desktop session and then changed the password on the account, then the remote session would keep passing the old credentials with the old password, effectively locking out the account.  

All of the scenarios above are also possible.

The tool that I use to troubleshoot these types of problems is lockoutstatus.exe:

Hope this helps!

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are three types of ISA client that can be configured - these can be individual clients or multiples of a client on each PC or server SecureNAT. A SecureNAT client for ISA server is a client machine, work station or server, that has its defa…
ISA Server detected routes through the network adapter LAN that do not correlate with the network to which this network adapter belongs What does this mean and how can one go about correcting it? In simple terms, this error message indicates t…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Enter Foreign and Special Characters Enter characters you can't find on a keyboard using its ASCII code ... and learn how to make a handy reference for yourself using Excel ~ Use these codes in any Windows application! ... whether it is a Micr…
Suggested Courses

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question