Random Account Lockouts
Posted on 2011-09-20
Not too sure how to go about this, but, my domain account on a windows 2008 active directory keeps getting locked out every few minutes. I can't for the life of me find where logons are taking place that is locking out my account. I've check my servers security logs on my servers that have internet facing NAT policies (Exchange, RDP server) to no avail, as well as check all my domain controllers. No love.
As far as i know there isn't any logging done by the domain controllers when there is an account audit failure, but I'm looking for something like that. I'm a bit scared that this is a security breach of some sort (luckily I have a separate domain admin account!). I would look at potential services or the like out there that might use my logon (network scanners) but it's odd that this started today - I haven't changed my password in over a month
And I do have my phone checking my mail, which I've seen make this happen, but i authenticate just fine on my phone.