Active Directory continues to lock out Remote User when using Outlook

I have a on the road salesmen that continues to be locked out by AD. This just may be something I am not familiar with but from his laptop and a internet connection outside of our network he can send and recieve email with the local outlook not being in the office connected to our network??? He says he logs in remotely using RDP to our terminal server and closes the Remote session. From there he can open outlook locally on his laptop and send/receive email. His account continues to get locked out now even when he only uses the terminal server. First I didnt know this could be done with Outlook and would like to know more about it. Second there doesnt appear to be any consistency of when he gets locked out. He has had to change his password within our AD domain when logged in RDP to terminal server. Password cannot be changed on his laptop until he is back in the office connected to our domain. Is there some sort of false authentication going on here in the background with the local outlook using the old password from the laptop. Any thoughts would be appreciated! Oh outlook is 2010 on his Laptop. 2003 on the terminal server. This may not have anything to do with his problems but no one else have used outlook this way and there arent any complaints from other users being locked out.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

First, you answered your own question.  He's sales, there's nothing else to say. :)

2nd. If he can VPN in, he can change his password from his laptop.  He just needs to do it from the ctrl+alt+del screen when logged into Windows.
Great point Paul!
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

But is it Exchange 2k10?
I believe Outlook Anywhere can be configured from EX07...maybe even EX 03
Johne75Author Commented:
Exchange 2007. I have not configured Outlook Anywhere on his laptop. Also I am a little confused how he can change his laptop password when using RDP to our server? It will work?
If he VPNs in, he needs to change the password directly from his laptop, but yeah, it works. :)
We have had similar issues in the past.

This really comes down to user training
If the user has VPN access and Can Access their Outlook Via Terminal Server.
This is the way the need to be doing it. All Work should be done while in the Terminal Server Session.

Connecting to the VPN
Then using Outlook Locally can cause the users account to get locked out.

User may not be able to change the password on the actual laptop,but their AD Account password can be changed via AD,
or once logged in via VPN and connected to terminal Server the user can change the password.

Only thing is they will need to remain using their old password to log on locally until they get back to the office.

Need to also check that the Staff do not also have a Mobile Phone thats synching with their Exchange Mail
If they do, and they dont change passwords on this, their AD Account will get locked out.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Johne75Author Commented:
This is exactly what I was suspecting and is good to know! I have another user connecting with outlook from his home computer (not joined to domain obviously) who occasionally gets locked out when he uses it. He also has his iPad, he used to have a Blackberry joined to our BES now has an iPhone connected with Active Sync and also connects with OWA and RDP...its our CEO and hes a pain sometimes...There are other individuals using iPads, iPhones, Blackberries etc but not the Outlook like described in this thread and have never had problems. I can only assume there passwords are the same on their other devices or they arent using one!

You are right about Sales guys for sure! They are a pain...Also, I did try to change the password like you mentioned and it did not work. I think Apacheo9 is right he needs to be back in the office to do that as I suspected.

Thanks for the Tool! I will certainly use this for future needs and if changing his passwords do not correct the problem! And thanks for Mentioning Outlook Anywhere. I did make changes on the server some time ago to allow for this but learned researching all this yesterday that it is enabled out of the box when joined to the domain. I checked a couple other users inhouse with 2010 and sure enough all the settings required were populated even the URL for the Exchange proxy and SSL. This is good to know!!!

Bottom line, I changed the problem users password in AD to Match his password on his Laptop. I have asked him not to use "outlook anywhere" and to only log in with RDP for about a week to be sure something else was not locking out his account. I will have him try the Outlook anywhere once we are confident it wasnt anything else. If this corrects it I will award points to all!

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.