Avatar of Dwight Crane
Dwight CraneFlag for United States of America asked on

My DomAdmin account locks every 3-5 minutes

I can't seem to find out why my Account keeps getting locked.  I know it's because failed password attempts.  I used the LockoutStatus tool and in the ORIG field it says DC1 which is my PDC.   I checked all the services and don't see any that are using this account.  This is a brand new domain built within just the past few weeks, not sure how long this has been going on but it became an issue in the last couple days.

I looked in the event log but I don't really see anything.

How can I find out what is causing this?

--- all servers are 2008r2 with all updates
Windows NetworkingWindows Server 2008Active Directory

Avatar of undefined
Last Comment
vmagan

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
vmagan

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER
Dwight Crane

Yes that is the tool I used. Ok I turned on that logging then went into the security logs.  I think I may have found the issue. We added a new Stor server 3 days ago and that seems to be the IP its pointing to. with KRBTGT Pre Auth failures

I will disable this for now and see if it makes a difference... Thanks
vmagan

Yup glad the logging events helped. Keep us posted with results.

Thanks
Your help has saved me hundreds of hours of internet surfing.
fblack61