Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

mysterious account lockouts

Posted on 2007-11-29
7
Medium Priority
?
393 Views
Last Modified: 2012-05-05
Let me first tell you what is NOT the problem: users mistyping or forgetting their passwords. The lockouts are happening while users are logged on. I will unlock a user, and a few minutes later, the account is locked again. The lockouts are happening in a single department (Customer Service) and only some of the users are getting locked out repeatedly. There are 15 people in the department, but only about 5 are being repeatedly locked out.

The first question I asked myself was what did I change? Recently, I installed a .NET based rate calculator app from UPS on all machines in the department. However, the problem did not immediately appear after I installed the app.  A few weeks before that, I upgraded both of my W2K3 Domain Controllers to SP2.

If it is the new app, I'd like some definitive proof that it is the cause before I remove it. If I can't find proof, then i guess my next step will be to uninstall the app on a couple of the PCs that are affected and see if the problem goes away.

More on the environment: I have a single domain with 2 domain controllers, running in 2003 mode. All clients in the Customer Service Department are running XP SP2. My print and file servers are running 2003 with a mix of SP1 and SP2. I have a 2003 SP1 SQL server running MSSQL 2000 STD SP3. I do not have Exchange.

What I have tried: I have installed Mcrosoft's ALockout.dll tool on several of the affected machines, as well as enabling netlogon debugging on those machines. I have also enabled netlogon debugging on both Domain Controllers. However, I am struggling with the interpretation of these logs.
0
Comment
Question by:porkerjoe
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20375189
I have recently come across this product but have not tried:

http://www.motivatesystems.com/Lockout_Inspector.asp
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 500 total points
ID: 20375191
This sort of thing is often a result to users setting up a scheduled task and supplying it with credentials and then subsequently changing their password,  resulting in a task that keeps trying to  run with the wrong password and the account gets locked
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20375395
It is not the scheduled tasks - checked that already.

I will take a look at the Lockout Inspector tool - it looks like it is a full function 30-day trial. However, I don't think it will provide me the source of the lockout - only the IP address. I need to pin down what it is on the machine that is sending the credentials.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 58

Assisted Solution

by:tigermatt
tigermatt earned 500 total points
ID: 20375931
The most common cause is something which is supplying incorrect credentials. I have often seen users bringing their home laptops in, mapping drive letters and entering their domain credentials, then changing their domain password but not updating their laptop. This obviously means it will try to map the drive and you will get account lockouts. I doubt that is the case here though as it is only one department.

Look at any programs which may have domain credentials hard programmed. When did the affected users last change their passwords, it may be that the hard programmed credentials are incorrect?

-tigermatt
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20376536
The new app that I recently installed does not store domain credentials. I don't think I've introduced any other new apps...I also can't think of any apps that used stored credentials.

The user who was first experiencing difficulties and was the reason I discovered the issue - his password was changed on Nov 3. Issues did not start happening until around the 20th.

None of the PCs in question are laptops, and I have not seen any extra mapped drives that users configured themselves.

All users in the company have drives mapped by logon scripts. I did not think to mention this before, but it might be relevant.

0
 
LVL 3

Assisted Solution

by:l84work
l84work earned 500 total points
ID: 20390441
Rename the user account names.  If lock out continues, then you know it's not some type of cached credentials.
0
 
LVL 1

Author Comment

by:porkerjoe
ID: 20444670
It turned out to be that my two domain controllers had stopped replicating with each other. As soon as I corrected that and had the problem users change their passwords, the account lockouts went away.

Thanks to all who chimed in. I'll split the points between all contributors. The first person who has already posted who posts the following will get the nod for the correct answer:

Check Replication between your domain contollers.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
Check out what's been happening in the Experts Exchange community.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

671 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question