mjmksm

asked on

Very Unusual User Account Lock Problem

I have a user who has been experiencing a problem with an Active Directory user account that keeps locking out for the past several weeks. When the user tries to log on in the morning, he encounters an error message reading “Referenced account is currently locked out and may not be logged onto” after putting in the username and password for the first time. When the helpdesk unlocks the account, the user is able to get on for a while and the problem seems temporarily fixed. But after about an hour or so, email and internet will prompt the user for a password and he is basically locked out of the account even though the user is logged into it. This issue happens several times per day. The account looks fine in AD. Any ideas why this might be happening?
Steven Carnahan

There are probably any number of reasons. It sounds like there is something running on the system using credentials prior to a password change. For example, if they have a scheduled task or a hard coded drive mapping or a backup program.
Check that a service or scheduled task is not running with the user's account, and that no share is being accessed with an old password.
This usually happens after the user has changed a password and service/task/share is set to use the old credentials.

These tools can help to resolve the issue http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en
The quickest one to check is whether the user has recently changed their password while at the same time, the user has a mapped drive where the user stored the old password for credentials.
control keymgr.dll
This will show whether the user has stored a password to a resource that might no longer be valid.

As KCTS pointed out, the tools provide you with a way to determine the source of the authentication requests that lead to the lockout. E.g. a user has a terminal session on a terminal server that was established prior to the recent password change, or a user has a logged-in session on another computer that has a mapped drive, etc.
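
As an added example (not part of the original thread), the checks described in the answers above can be scripted in PowerShell: find which computers the lockouts come from, then look on those computers for services, scheduled tasks and stored credentials still using the old password. The function names, the placeholder account `jdoe`, and the use of Security event 4740 on the PDC emulator are assumptions not stated in the thread.

```powershell
# Added example. Assumptions: RSAT ActiveDirectory module, rights to read the
# Security log on the PDC emulator, DCs running Windows Server 2008 or later
# (lockout = event ID 4740), workstations with the ScheduledTasks module
# (Windows 8 / Server 2012 or later), and 'jdoe' as a placeholder account name.
Import-Module ActiveDirectory

function Get-LockoutSource {
    param([Parameter(Mandatory)][string]$SamAccountName, [int]$HoursBack = 24)
    # Every lockout in the domain is recorded on the PDC emulator.
    $pdc = (Get-ADDomain).PDCEmulator
    $filter = @{ LogName = 'Security'; Id = 4740
                 StartTime = (Get-Date).AddHours(-$HoursBack) }
    Get-WinEvent -ComputerName $pdc -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Properties[0].Value -eq $SamAccountName } |
        ForEach-Object {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                Account        = $_.Properties[0].Value
                CallerComputer = $_.Properties[1].Value  # machine that sent the bad password
            }
        }
}

function Get-StaleCredentialHolder {
    # Run locally on a machine named by Get-LockoutSource.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $like = "*$SamAccountName*"
    Get-CimInstance Win32_Service | Where-Object StartName -like $like |
        ForEach-Object { [pscustomobject]@{ Kind = 'Service'; Name = $_.Name; RunAs = $_.StartName } }
    Get-ScheduledTask | Where-Object { $_.Principal.UserId -like $like } |
        ForEach-Object { [pscustomobject]@{ Kind = 'ScheduledTask'; Name = $_.TaskPath + $_.TaskName
                                            RunAs = $_.Principal.UserId } }
}

# Which machines caused the lockouts, most frequent first
Get-LockoutSource -SamAccountName 'jdoe' |
    Group-Object CallerComputer | Sort-Object Count -Descending | Select-Object Count, Name

# On each of those machines: services and tasks running as the user,
# then (in the user's own session) the stored credentials and logged-on sessions.
Get-StaleCredentialHolder -SamAccountName 'jdoe'
cmdkey /list   # same store that "control keymgr.dll" opens
quser          # sessions still logged on to this machine
```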

ASKER CERTIFIED SOLUTION
athomsfere

mjmksm

ASKER

Thanks to everyone for the quick response. I'll work with the suggested solutions posted and provide feedback.
mjmksm

ASKER

User was logged on to multiple PCs. After clearing from the workstations, everything is fine now. Thanks to everyone for their help.