We help IT Professionals succeed at work.

User accounts "locked"

402 Views
Last Modified: 2012-06-27
I have my LAN Domain, and my DMZ Domain separated via firewall. There is a terminal server in the DMZ, accessible via the Internet, and the LAN. When users in the LAN connect via RDP to the Terminal Server in the DMZ, they must use there user account in the DMZ, as there is no domain trust between LAN and DMZ domains. Users can also map a network drive from there LAN PC's to the server share in the DMZ, again, using there DMZ credentials to connect.

Problem:
LAN users that connect to the Terminal Server, are consistently finding that their user accounts are locked out. I have other users that use servers in the DMZ domain (Sharepoint), and none of them have this problem. Why are the Terminal Server user accounts being locked out so frequently?

Is it that the users are simply forgetting their passwords, or does it have something to do with the combination of using Remote Desktop, and mapping a network drive to the same server? If a drive is mapped from the LAN to a server in the DMZ, will Windows Explorer try to verify the directory and attempt a logon, each time they open "My Computer" ?

Any ideas or suggestions are appreciated.
Comment
Watch Question

Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Commented:
bluntTonyHead of ICT
Top Expert 2009

Commented:
Check the event logs on the DC for failed logon attempts for the users being locked out. The event log will give you a logon type number - this will help you identify the type of logon that is failing.
See here for the type codes: http://www.windowsecurity.com/articles/Logon-Types.html
For example - if you see a lot of failed logons with type 3, it's likely that it's bad credentials being use to map to a shared drive. It's worth checking cached credentials on the users' machines (Control Panel | User Accounts | Advanced | Manage passwords) - you can clear the cache if you think it's holding bad credentials.
In answer to your question about the mappings, yes, each time you try to connect to a share, a logon is attempted. Depending on how the drive is mapped originally, you'll either be using the credentials of the currently logged on user, or alternate credentials can be specified when the drive is originally mapped - if this is the case it could be that these are now out of date.
I don't think the fact that they are using RDP will have any bearing on why it's failing though...

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.