Active Directory continues to lock out Remote User when using Outlook

Johne75 used Ask the Experts™
I have a on the road salesmen that continues to be locked out by AD. This just may be something I am not familiar with but from his laptop and a internet connection outside of our network he can send and recieve email with the local outlook not being in the office connected to our network??? He says he logs in remotely using RDP to our terminal server and closes the Remote session. From there he can open outlook locally on his laptop and send/receive email. His account continues to get locked out now even when he only uses the terminal server. First I didnt know this could be done with Outlook and would like to know more about it. Second there doesnt appear to be any consistency of when he gets locked out. He has had to change his password within our AD domain when logged in RDP to terminal server. Password cannot be changed on his laptop until he is back in the office connected to our domain. Is there some sort of false authentication going on here in the background with the local outlook using the old password from the laptop. Any thoughts would be appreciated! Oh outlook is 2010 on his Laptop. 2003 on the terminal server. This may not have anything to do with his problems but no one else have used outlook this way and there arent any complaints from other users being locked out.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

First, you answered your own question.  He's sales, there's nothing else to say. :)

2nd. If he can VPN in, he can change his password from his laptop.  He just needs to do it from the ctrl+alt+del screen when logged into Windows.

Great point Paul!
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

But is it Exchange 2k10?

I believe Outlook Anywhere can be configured from EX07...maybe even EX 03


Exchange 2007. I have not configured Outlook Anywhere on his laptop. Also I am a little confused how he can change his laptop password when using RDP to our server? It will work?

If he VPNs in, he needs to change the password directly from his laptop, but yeah, it works. :)
Top Expert 2012
We have had similar issues in the past.

This really comes down to user training
If the user has VPN access and Can Access their Outlook Via Terminal Server.
This is the way the need to be doing it. All Work should be done while in the Terminal Server Session.

Connecting to the VPN
Then using Outlook Locally can cause the users account to get locked out.

User may not be able to change the password on the actual laptop,but their AD Account password can be changed via AD,
or once logged in via VPN and connected to terminal Server the user can change the password.

Only thing is they will need to remain using their old password to log on locally until they get back to the office.

Need to also check that the Staff do not also have a Mobile Phone thats synching with their Exchange Mail
If they do, and they dont change passwords on this, their AD Account will get locked out.


This is exactly what I was suspecting and is good to know! I have another user connecting with outlook from his home computer (not joined to domain obviously) who occasionally gets locked out when he uses it. He also has his iPad, he used to have a Blackberry joined to our BES now has an iPhone connected with Active Sync and also connects with OWA and RDP...its our CEO and hes a pain sometimes...There are other individuals using iPads, iPhones, Blackberries etc but not the Outlook like described in this thread and have never had problems. I can only assume there passwords are the same on their other devices or they arent using one!

You are right about Sales guys for sure! They are a pain...Also, I did try to change the password like you mentioned and it did not work. I think Apacheo9 is right he needs to be back in the office to do that as I suspected.

Thanks for the Tool! I will certainly use this for future needs and if changing his passwords do not correct the problem! And thanks for Mentioning Outlook Anywhere. I did make changes on the server some time ago to allow for this but learned researching all this yesterday that it is enabled out of the box when joined to the domain. I checked a couple other users inhouse with 2010 and sure enough all the settings required were populated even the URL for the Exchange proxy and SSL. This is good to know!!!

Bottom line, I changed the problem users password in AD to Match his password on his Laptop. I have asked him not to use "outlook anywhere" and to only log in with RDP for about a week to be sure something else was not locking out his account. I will have him try the Outlook anywhere once we are confident it wasnt anything else. If this corrects it I will award points to all!

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial