Solved

account lockout issue

Posted on 2010-11-18
5
360 Views
Last Modified: 2012-05-10
hi, one user is getting locked out very frequently but i not able to figure out from which workstations login attempts are happening in security logs. Is there a tool which can help me find out the source of account lockout. I hv tried Alockout tool from microsoft but i need to know the actual source of user.

I hv enabled logon audit -success and failure in AD  but someone failure logs are not getting generated.

Thanks,
Santosh
0
Comment
Question by:santoshlk
5 Comments
 
LVL 9

Accepted Solution

by:
dj0rbit earned 125 total points
Comment Utility
0
 
LVL 23

Expert Comment

by:Suliman Abu Kharroub
Comment Utility
this should be shown on event viewer.

right click on the security tab, filter the current log a in the attached.


evnt.PNG
0
 
LVL 10

Expert Comment

by:abhijitmdp
Comment Utility
As dj0rbit suggested you will need to download and run Account Lockout and Management Tools  tool from microsoft. this will show the exact result you are looking for.
0
 
LVL 2

Assisted Solution

by:Charlesd
Charlesd earned 125 total points
Comment Utility
Just run the below command to enable netlogon debug logging on command prompt.

nltest /dbflag:0x2080ffff

After you restart Net Logon, Net Logon-related activity may be logged to %windir%\debug\netlogon.log

You would be able to see who is trying to access the server.

0
 

Author Closing Comment

by:santoshlk
Comment Utility
partially solution.
0

Featured Post

Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

Join & Write a Comment

Suggested Solutions

This is a fairly complicated script that will install the required prerequisites to install SCCM 2012 R2 on a server.  It was designed under the functional model in order to compartmentalize each step required, reducing the overall complexity.  The …
The System Center Operations Manager 2012, known as SCOM, is a part of the Microsoft system center product that provides the user with infrastructure monitoring and application performance monitoring. SCOM monitors:   Windows or UNIX/LinuxNetwo…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now