Solved

Random Account Lockouts

Posted on 2009-06-29
Last Modified: 2012-05-07
This morning I have had about 5 users complain that their accounts were locked out but they were certain they keyed their passwords in correctly.  Of course being the typical IT guy I figured my end-users were crazy.  Funny thing was though it happened to me about 10 minutes ago.  I logged onto my PC without any problems this morning.  After logging in I tried to access a file on SharePoint and it told me I didn't have rights.  I went and looked and my account was locked out.

My first step was to look at the event viewers and I noticed an error that was recurring consistently:  EventID 12294.  The SAM database was unable to lockout the account of administrator due to a resource error, such as a hard disk write failure (the specific error code is in the error data). Accounts are locked after a certain number of bad passwords are provided so please consider resetting the password of the account mentioned above.

I checked and my Domain Administrator Account was locked out.  I unlocked it and within about 5 seconds it was locked out again.  Is there any way to tell what is causing these issues?
0
Question by:neptuneit
 
LVL 27

Expert Comment

by:bluntTony
ID: 24735851
Sounds like a possible Conficker (or Downadup) infection. One symptom of this is random lockout events for no apparent reason.
Update your virus definitions and run some scans. The source of the infection could be attempting to log on to network shares, causing the lockouts.
There are a number of removal tools available - google 'conficker removal' and follow the steps to detect and repair this sort of infection.
0
 
LVL 1

Author Comment

by:neptuneit
ID: 24735871
Does Active Directory log where the attempts are coming from by any chance?  This would help me narrow down the source of the problem?
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 300 total points
ID: 24735876
Also have a check of your DC security event logs to determine the logon type which is causing the account lockouts. You may also get the source machine from which the bad logons are coming...
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24735884
Looks like our posts just crossed :-)
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 200 total points
ID: 24735911
You may also want to have a look at this: http://support.microsoft.com/kb/887433
I had an incident recently where Conficker was causing this problem.

There is an MS Patch: http://support.microsoft.com/kb/958644
Also make sure your virus protection is bang up to date and do a full system scan.

We had to use Group Policies to disable the Autorun feature. It was also creating tasks in the scheduled tasks every hour and they were called A1, A2, A3 etc.; again, we disabled the task scheduler in Group Policy until we were able to fully disinfect.
0
 
LVL 1

Author Comment

by:neptuneit
ID: 24735944
What particular type EventID should I be looking for in the DC Security logs?
0
 
LVL 27

Assisted Solution

by:bluntTony
bluntTony earned 300 total points
ID: 24735991
It could at this stage be a number of event IDs. Filter the security log on failure events then look through these.
Check the source computer, and the logon type code. Reference for type codes...
http://www.windowsecurity.com/articles/Logon-Types.html 
0
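The log review suggested in the answers above (filter the DC security log on failure events, then check the source computer and logon type), as an added example that is not part of the original thread. It assumes a domain controller running Windows Server 2008 or later, where a failed logon is event 4625, and a Security log exported as XML inside one wrapping root element; the host names, addresses and events in the sample are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
FAILED_LOGON = "4625"  # assumption: DC is Server 2008 or later
LOGON_TYPES = {"2": "Interactive", "3": "Network", "4": "Batch", "5": "Service",
               "7": "Unlock", "8": "NetworkCleartext", "10": "RemoteInteractive"}


def make_event(event_id, user, logon_type, workstation, ip):
    """Build one constructed event record in the Windows event XML schema."""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID></System>'
            f'<EventData><Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            f'<Data Name="WorkstationName">{workstation}</Data>'
            f'<Data Name="IpAddress">{ip}</Data></EventData></Event>')


# Constructed sample export: three network failures from one workstation,
# one interactive failure elsewhere, and one successful logon (4624).
SAMPLE = "<Events>" + "".join([
    make_event(4625, "administrator", 3, "WKSTN-014", "10.0.5.14"),
    make_event(4625, "Administrator", 3, "WKSTN-014", "10.0.5.14"),
    make_event(4624, "jsmith", 2, "WKSTN-022", "10.0.5.22"),
    make_event(4625, "administrator", 3, "WKSTN-014", "10.0.5.14"),
    make_event(4625, "jsmith", 2, "WKSTN-022", "10.0.5.22"),
]) + "</Events>"


def failed_logon_sources(xml_text, account=None):
    """Count failed logons per (account, workstation, IP, logon type), busiest first."""
    counts = Counter()
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        if ev.findtext("e:System/e:EventID", namespaces=NS) != FAILED_LOGON:
            continue  # skip successes and unrelated events
        data = {d.get("Name"): (d.text or "-")
                for d in ev.findall("e:EventData/e:Data", NS)}
        user = data.get("TargetUserName", "-").lower()  # account names are case-insensitive
        if account and user != account.lower():
            continue
        ltype = data.get("LogonType", "-")
        key = (user, data.get("WorkstationName", "-"),
               data.get("IpAddress", "-"), LOGON_TYPES.get(ltype, ltype))
        counts[key] += 1
    return counts.most_common()


if __name__ == "__main__":
    for (user, host, ip, ltype), n in failed_logon_sources(SAMPLE):
        print(f"{n:3d}  {user:15s} {host:12s} {ip:12s} {ltype}")
```

A single workstation producing repeated Network (type 3) failures against several accounts is the pattern to check first when an infected machine is suspected.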
