Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to tell what is locking an account out

Posted on 2011-02-14
7
Medium Priority
?
551 Views
Last Modified: 2012-06-21
I have a service account that runs scheduled tasks and services.  It is being locked out every Saturday at 11 PM, but I don't know what is locking it out.  I'm needing to know what machine/IP the invalid attempts are coming from.  I know Microsoft has the Account Lockout & Management tools, but I'm running Active Directory on Server 2008.  Will these tools still work?  If so how do I put them in place?  Is there a better option out there?
0
Comment
Question by:jdouthit
  • 3
  • 2
  • 2
7 Comments
 
LVL 7

Accepted Solution

by:
Cuteadder earned 2000 total points
ID: 34888375
http://www.microsoft.com/downloads/en/details.aspx?FamilyId=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

event comb will scan all your Domain controllers and tell you what computer and what type of event...
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34888385
Those tools should still work...haven't put them on a 2008 box myself.   A network trace can also help in these situations (netmon or wireshark).

Not sure if you have seen this blog but it is a good overview   http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx?wa=wsignin1.0

Thanks

Mike
0
 

Author Comment

by:jdouthit
ID: 34888395
What criteria should I be entering in eventcomb to search for the failed attempts?  I don't know what Event ID this would produce.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 7

Expert Comment

by:Cuteadder
ID: 34888412
there's a preset for looking for locked out accounts and the events around it...

do that and post the results
0
 

Author Comment

by:jdouthit
ID: 34888855
I used the preset search for locked accounts on event comb, but it didn't find anything.  The account was locked out on 2-12-11.  Our event logs fill up so fast we usually only have items for the last 4-6 hours on a business day.
0
 
LVL 7

Expert Comment

by:Cuteadder
ID: 34889512
unlock the account and next time it locks out jump on the issue..
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question