Solved

mysterious account lockouts

Posted on 2007-11-29
7
379 Views
Last Modified: 2012-05-05
Let me first tell you what is NOT the problem: users mistyping or forgetting their passwords. The lockouts are happening while users are logged on. I will unlock a user, and a few minutes later, the account is locked again. The lockouts are happening in a single department (Customer Service) and only some of the users are getting locked out repeatedly. There are 15 people in the department, but only about 5 are being repeatedly locked out.

The first question I asked myself was what did I change? Recently, I installed a .NET based rate calculator app from UPS on all machines in the department. However, the problem did not immediately appear after I installed the app.  A few weeks before that, I upgraded both of my W2K3 Domain Controllers to SP2.

If it is the new app, I'd like some definitive proof that it is the cause before I remove it. If I can't find proof, then i guess my next step will be to uninstall the app on a couple of the PCs that are affected and see if the problem goes away.

More on the environment: I have a single domain with 2 domain controllers, running in 2003 mode. All clients in the Customer Service Department are running XP SP2. My print and file servers are running 2003 with a mix of SP1 and SP2. I have a 2003 SP1 SQL server running MSSQL 2000 STD SP3. I do not have Exchange.

What I have tried: I have installed Mcrosoft's ALockout.dll tool on several of the affected machines, as well as enabling netlogon debugging on those machines. I have also enabled netlogon debugging on both Domain Controllers. However, I am struggling with the interpretation of these logs.
0
Comment
Question by:porkerjoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 125 total points
ID: 20375189
I have recently come across this product but have not tried:

http://www.motivatesystems.com/Lockout_Inspector.asp
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 125 total points
ID: 20375191
This sort of thing is often a result to users setting up a scheduled task and supplying it with credentials and then subsequently changing their password,  resulting in a task that keeps trying to  run with the wrong password and the account gets locked
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20375395
It is not the scheduled tasks - checked that already.

I will take a look at the Lockout Inspector tool - it looks like it is a full function 30-day trial. However, I don't think it will provide me the source of the lockout - only the IP address. I need to pin down what it is on the machine that is sending the credentials.
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 125 total points
ID: 20375931
The most common cause is something which is supplying incorrect credentials. I have often seen users bringing their home laptops in, mapping drive letters and entering their domain credentials, then changing their domain password but not updating their laptop. This obviously means it will try to map the drive and you will get account lockouts. I doubt that is the case here though as it is only one department.

Look at any programs which may have domain credentials hard programmed. When did the affected users last change their passwords, it may be that the hard programmed credentials are incorrect?

-tigermatt
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20376536
The new app that I recently installed does not store domain credentials. I don't think I've introduced any other new apps...I also can't think of any apps that used stored credentials.

The user who was first experiencing difficulties and was the reason I discovered the issue - his password was changed on Nov 3. Issues did not start happening until around the 20th.

None of the PCs in question are laptops, and I have not seen any extra mapped drives that users configured themselves.

All users in the company have drives mapped by logon scripts. I did not think to mention this before, but it might be relevant.

0
 
LVL 3

Assisted Solution

by:l84work
l84work earned 125 total points
ID: 20390441
Rename the user account names.  If lock out continues, then you know it's not some type of cached credentials.
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20444670
It turned out to be that my two domain controllers had stopped replicating with each other. As soon as I corrected that and had the problem users change their passwords, the account lockouts went away.

Thanks to all who chimed in. I'll split the points between all contributors. The first person who has already posted who posts the following will get the nod for the correct answer:

Check Replication between your domain contollers.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Do you know what to look for when considering cloud computing? Should you hire someone or try to do it yourself? I'll be covering these questions and looking at the best options for you and your business.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question