Help with BESadmin account being locked out

HI,

We have a besadmin account that continues to be locked out weekly.  We have ran a script against the complete domain and there are no services running under that incorrectly.  Any ideas of what other options I have?

Thanks
David
dross333Asked:
Who is Participating?
 
ckeshavSr. Infrastructure SpecialistCommented:
Check the Eventlogs(Security) from the DC, it would show workstation from where the account is getting locked.

You can also download the Account Lockout tools from Microsoft to troubleshoot further

http://www.microsoft.com/downloads/en/details.aspx?familyid=7af2e69c-91f3-4e63-8629-b999adde0b9e&displaylang=en

0
 
naveencnairCommented:
Is this happening only for BESadmin account our other accounts too ? If IP v6 enabled in adapter just disable it and see.
0
 
dross333Author Commented:
This is only happening on the besadmin account.  I just looked an PV6 is not enabled.
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
naveencnairCommented:
BES communicates with Exchange by using BB agent that uses MAPI sessions.  Each agent uses its own MAPI sessions.  For Authentication BES communicate with NSPI Component to authenticate with AD. There must be some sort of authentication failure happening that might cause the BESadmin account lockout.

Just refer the below microsoft link and follow the resolution instruction to enable the event logging for NSPI connections, and modifiy the registry to allow additional NSPI connections.

http://support.microsoft.com/kb/949469
0
 
p_nutsCommented:
Have you checked what machine the lockout is coming from ... If it is your owa box consider renaming the account.
0
 
p_nutsCommented:
Also.. I've seen scanners that use service accounts that cause this.... I know besaccount on a printer =(

But it wouldn't be the first time...
0
 
gregurlCommented:
When checking the domain controllers for the lock out in the event log, you will have to check all domain controllers.
0
 
ckeshavSr. Infrastructure SpecialistCommented:
Yes, but if it is taking time then you can just check from the Domain Controllers from the local site and then go for other DC's
0
 
dross333Author Commented:
The tools in that link were very helpful....Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.