?
Solved

account lockout issue

Posted on 2010-11-18
5
Medium Priority
?
441 Views
Last Modified: 2012-05-10
hi, one user is getting locked out very frequently but i not able to figure out from which workstations login attempts are happening in security logs. Is there a tool which can help me find out the source of account lockout. I hv tried Alockout tool from microsoft but i need to know the actual source of user.

I hv enabled logon audit -success and failure in AD  but someone failure logs are not getting generated.

Thanks,
Santosh
0
Comment
Question by:santoshlk
5 Comments
 
LVL 9

Accepted Solution

by:
dj0rbit earned 375 total points
ID: 34164719
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
ID: 34164772
this should be shown on event viewer.

right click on the security tab, filter the current log a in the attached.


evnt.PNG
0
 
LVL 10

Expert Comment

by:abhijitmdp
ID: 34165882
As dj0rbit suggested you will need to download and run Account Lockout and Management Tools  tool from microsoft. this will show the exact result you are looking for.
0
 
LVL 2

Assisted Solution

by:Charlesd
Charlesd earned 375 total points
ID: 34170239
Just run the below command to enable netlogon debug logging on command prompt.

nltest /dbflag:0x2080ffff

After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log

You would be able to see who is trying to access the server.

0
 

Author Closing Comment

by:santoshlk
ID: 34463255
partially solution.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you are trying to access the server, have you ever encountered "The terminal server has exceeded the maximum number of allowed connection" error?  or "The user is attempting to log on to a Terminal Server in Remote Administration mode, but the …
This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month13 days, 12 hours left to enroll

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question