reynco
User account locks out every 60 seconds or less
One of my users changed his password a couple of days ago. After he changed it, his account started locking out every 60 seconds or so. It locks out even if his computer is not on. I have attempted to track the problem down using Microsoft's account lockout tools, but the best I have so far is an entry in the log files that seems to indicate the problem is coming from our Exchange server. I manually changed his password back to the old one and everything is currently working fine, but he needs to be able to change his password as it is a company policy to change them on a regular basis. Below is the only log entry I can find that seems to relate to the problem. I have replaced the actual server names with their function.
644,AUDIT SUCCESS,Security,Wed Nov 05 12:55:16 2008,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: (Username) Target Account ID: %{S-1-5-21-823518204- . . .} Caller Machine Name: (exchange server) Caller User Name: $ (domain controller) Caller Domain: (domain name) Caller Logon ID: (0x0,0x3E7)
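An added example, not part of the original thread: a Python script that parses event 644 lines in the comma-separated layout shown above and groups lockouts by account and Caller Machine Name, reporting the seconds between consecutive lockouts. The account, machine and domain names in the sample are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import datetime

LABELS = ["Target Account Name", "Target Account ID", "Caller Machine Name",
          "Caller User Name", "Caller Domain", "Caller Logon ID"]
LABEL_RE = re.compile("(" + "|".join(map(re.escape, LABELS)) + r"):\s*")

# Constructed sample in the layout of the entry above; all names are placeholders.
SAMPLE = r"""
644,AUDIT SUCCESS,Security,Wed Nov 05 12:55:16 2008,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: jdoe Target Account ID: %{S-1-5-21-0-0-0-1001} Caller Machine Name: EXCH01 Caller User Name: DC01$ Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7)
528,AUDIT SUCCESS,Security,Wed Nov 05 12:55:40 2008,EXAMPLE\asmith,Successful Logon: (constructed line, ignored by the parser)
644,AUDIT SUCCESS,Security,Wed Nov 05 12:56:14 2008,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: jdoe Target Account ID: %{S-1-5-21-0-0-0-1001} Caller Machine Name: EXCH01 Caller User Name: DC01$ Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Wed Nov 05 12:57:15 2008,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: jdoe Target Account ID: %{S-1-5-21-0-0-0-1001} Caller Machine Name: EXCH01 Caller User Name: DC01$ Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7)
644,AUDIT SUCCESS,Security,Wed Nov 05 12:58:00 2008,NT AUTHORITY\SYSTEM,User Account Locked Out: Target Account Name: asmith Target Account ID: %{S-1-5-21-0-0-0-1002} Caller Machine Name: WKS07 Caller User Name: DC01$ Caller Domain: EXAMPLE Caller Logon ID: (0x0,0x3E7)
"""

def parse_644(line):
    """Return a dict for one event 644 line, or None for anything else."""
    parts = line.strip().split(",", 5)   # the description itself contains commas
    if len(parts) != 6 or parts[0] != "644":
        return None
    tokens = LABEL_RE.split(parts[5])    # [prefix, label, value, label, value, ...]
    rec = dict(zip(tokens[1::2], (v.strip() for v in tokens[2::2])))
    rec["time"] = datetime.strptime(parts[3], "%a %b %d %H:%M:%S %Y")
    return rec

def summarize(text):
    """Group lockouts by (account, caller machine); return count and gaps in seconds."""
    groups = defaultdict(list)
    for line in text.splitlines():
        rec = parse_644(line)
        if rec and "Caller Machine Name" in rec and "Target Account Name" in rec:
            key = (rec["Target Account Name"], rec["Caller Machine Name"])
            groups[key].append(rec["time"])
    out = {}
    for key, times in groups.items():
        times.sort()
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out[key] = {"count": len(times), "gaps": gaps}
    return out

if __name__ == "__main__":
    for (user, machine), info in summarize(SAMPLE).items():
        print(user, machine, info)
```

A steady gap of about a minute from a single caller machine, as in the constructed `jdoe` rows, points at something on that machine retrying a stored credential on a timer.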
This will help you troubleshoot the lockout of the user.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
This really does sound like a cached credential issue. Check with the user to make sure they don't have a mapped drive with outdated credentials. Also, does this user log on to their PC with cached domain level credentials? Or with a local account?
Does he use ActiveSync where he has typed his old pw and ticked remember pw on his PDA/mobile phone?
That can happen, but it is rare.
If that were the case, you should have been able to see the discrepancy in the account lockout tools' pwd last changed column. The DC that failed the sync would still have the original pw set date.
ASKER
xxdcmast - Thank you for your follow-up. That was just my best guess at what happened. All of the servers showed the same data in the lockout tools. I don't recall seeing any discrepancies.
http://www.digitallabs.net/lu/
If that fails you could always just modify his user account name.