Solved

Why do I have user accounts locking out now for no reason

Posted on 2008-06-16
10
220 Views
Last Modified: 2010-04-21
2 weeks ago I migrated my Exchange from 5.5 to 2k3. All went well with the exception of now i have some user accounts that keep locking out for no apparent reason. My policy is 3 unsuccessful attempts locks accounts. I have no clue so I need some help please.
0
Comment
Question by:Fraser_Admin
10 Comments
 
LVL 6

Expert Comment

by:powercram
ID: 21794254
Do you have any processes that log on as a user automatically?
0
 
LVL 14

Expert Comment

by:plug1
ID: 21794264
They dont have blackberrys or such like that havent had thier passwords updated and are automatically checking mail?
0
 
LVL 17

Expert Comment

by:kadadi_v
ID: 21794477
0
 

Author Comment

by:Fraser_Admin
ID: 21796311
No processes or BB as for the event ID 529 I have a few of these in the security logs but not pertaining to these particular users. BTW licensing is fine or at least appears that way.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21801000
What other policies do you have set up?

Did their passwords expire and they were not prompted to change their passwords??
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:Fraser_Admin
ID: 21801711
ChiefIT: There is nothing out of the ordinary changed other than the migration. Since that I have had these accounts locking. For example I can unlock a password and have a user attempt logging on, and without making any errors in typing it prompts the user that their account is locked. And it is.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 21805444
It may be the level of protocol you are trying to authenticate with in exchange:
http://support.microsoft.com/kb/820281

Your server may be set up to strictly authenticate using Kerberos. I think there are methods to upgrade the authentication of exchange server services to kerberos only.

You would want to use kerberos as the gross vulnerabilities of NTLMhash is something you don't want.
0
 
LVL 13

Accepted Solution

by:
ocon827679 earned 500 total points
ID: 21806020
Your users are still logged in somewhere.  Did they just change their password recently?  I would venture to guess that they did and they are either logged in at another workstation that they have forgotten about or have a process or service running under their credentials.  I've had this happen to me on several occasions, and they all told me that they were not logged in anywhere else.  Then we look in other offices/cubes where they sat and there is a WS that looks like its turned off, turn on the monitor and the screen saver is locked with their credentials.  Lesson learned - don't believe anything that a user tells you.
0
 

Author Comment

by:Fraser_Admin
ID: 21806427
ocon827679
This user does have a second PC and was logged on. I have had him logoff and back on. It should take much longer than an hour to test as I would hear from him every hour. AHHH!
0
 

Author Closing Comment

by:Fraser_Admin
ID: 31467637
Thanks!! What a relief.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now