I have 2 Windows 2003 DC. Early this week, suddenly we got issue with all users accounts keeps getting locked. I have unlocked them and they get locked back after a period of time. It happens on random group of users but eventually every single users account get locked. I have tried gpupdate, rebooting, and scanning the DCs themselves for possible viruses.
I found nothing and it does nothing.
There's no policy change as far as I know before January 5th and suddenly on January 5th, all hell break loose. it's been 3 days and I couldn't figure out what's the issue.
All users are using using WIndows XP SP2.
Under audit log, there's no failure log. All it shows is Success Audit on User Account Locked out. For example:
User Account Locked Out:
Target Account Name: <username>
Target Account ID: <domain\username>
Caller Machine Name: <user machinename>
Caller User Name: <dc machinename>$
Caller Domain: <dc name>
Caller Logon ID: (0x0,0x3E7)
Event ID: 644
Under Application log, there's bunch of warning since August 6, 2008:
Security policies were propagated with warning. 0xd : The data is invalid.
Advanced help for this problem is available on http://support.microsoft.com
. Query for "troubleshooting 1202 events".
Event ID: 1202