User account locks out every 60 seconds or less

One of my users changed his password a couple of days ago. After he change it, his account started locking out every 60 seconds or so. It locks out even if his computer is not on. I have attempted to track the problem down using Microsoft's account lockout tools, but the best I have so far is an entry in the log files that seems to indicate the problem is coming from our Exchange server. I manually changed his password back to the old one and everything is currently working fine, but he needs to be able to change his password as it is a company policy to change them on a regular basis. Below is the only log entry  I can find that seems to relate to the problem. I have replaced the actual server names with their function.

644,AUDIT SUCCESS,Security,Wed Nov 05 12:55:16 2008,NT AUTHORITY\SYSTEM,User Account Locked Out:     Target Account Name: (Username)     Target Account ID: %{S-1-5-21-823518204- . . .}     Caller Machine Name:  (exchange server)     Caller User Name: $ (domain controller)    Caller Domain: (domain name)     Caller Logon ID: (0x0,0x3E7)  
reyncoAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Joseph DalyCommented:
Well why not try this. This will tell you if he is logged into any other machine in the network.

http://www.digitallabs.net/lu/

If that fails you could always just modify his user account name.
0
Darius GhassemCommented:
0
TDKDCommented:
This really does sound like a cached credential issue, check with the user to make sure they dont have a mapped drive with outdated credentials. Also, does this user logon to their PC with cached domain level credentials? Or with a local account?
0
ON-DEMAND: 10 Easy Ways to Lose a Password

Learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees in this on-demand webinar. We cover the importance of multi-factor authentication and how these solutions can better protect your business!

snusgubbenCommented:
Does he use Active Sync where he has typed his old pw and ticked remember pw on his PDA/mobile phone?
0
reyncoAuthor Commented:
Thank you for your suggestions, but I found a solution. I changed his PW back to what it was before this issue started. His account didn't lock out so we left it over night and I forced him to change it again this morning when he logged it. So far the account has not locked out.  Im guessing that one of the AD DCs didnt sync correctly and was causing the lockout. One of them was taken offline about the time he originally changed his PW.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
TDKDCommented:
That can happen, but rare.
0
Joseph DalyCommented:
If that were the case you should have been able to see the discrepancy in the account lockout tools pwd last changed column. The DC that failed the sync would still have the original pw set date.
0
reyncoAuthor Commented:
xxdcmast -  Thank you for your followup. That was just my best guess at what happened. All of the servers showed the same data in the lockout tools. I don't recall seeing any discrepancies.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.