Mcgrathnicol
asked on
Account is keep locking out for a user
I have done the following without success
- Deleted all the cache credentials from the laptop.
- provided different laptop
- use EventCombMT from microsoft to trace the locked out account.
- found event ID 644 (unable to find any solution for that)
- confirmed user is not using exchange account to sync email in mobile phone
We have four domain R/W DC and we use exchange 2010 for email.
FYI - One perticular account keep locking out at least 5-6 times a day.
Is there anything I can do without changing user's login name?
Any advise???
- Deleted all the cache credentials from the laptop.
- provided different laptop
- use EventCombMT from microsoft to trace the locked out account.
- found event ID 644 (unable to find any solution for that)
- confirmed user is not using exchange account to sync email in mobile phone
We have four domain R/W DC and we use exchange 2010 for email.
FYI - One perticular account keep locking out at least 5-6 times a day.
Is there anything I can do without changing user's login name?
Any advise???
Last Comment
motnahp00
You can review the event logs on your DC and try to find out where the bad authentication attempts are coming from. It's typically a network drive mapped with old invalid credentials.
ASKER
Only thing I can get in DC is event ID 644 for account locked out in Win 2003 server. I have checked her drives as well and I am sure there isn't any network drive mapped to it.
On your DCs, do you have auditing enabled for Audit account logon events.
gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
gpedit.msc -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Audit Policy
ASKER
Yes we have.
Look for event ID 529 for that particular user. You should also see the coinciding computer name where the attempt was made from.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hi jerseysam
- I am using account lock out tool but not much help from this.
- Even I gave user new laptop and problem still happening
- I am using account lock out tool but not much help from this.
- Even I gave user new laptop and problem still happening
Looking like creating new profile for him then?
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I guess providing new laptop create new profile itsself locally.
Onlything I hate to do is changing user login name.
Onlything I hate to do is changing user login name.
Yes sorry, i mean new profile on server.
Its a pain but if you tried new computer then it must be his profile is corrupt.
Its a pain but if you tried new computer then it must be his profile is corrupt.
Renaming the login name is not really a good fix. If there are cached credentials set somewhere you will still be bombarded on your event logs.
I already asked about the policies above jerseysam.
I already asked about the policies above jerseysam.
ASKER
Hi motnahp00
I didn't find any event id 529.
I didn't find any event id 529.
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I came across this little gem recently. We had a user that was getting locked just about every day. It would usually occur at logon or sometime shortly thereafter (timing was never consistent).
We used the lockout tools to determine that the lockout was coming from a desktop that she had never used. It turned out that the user naming convention y0000000 was part of the issue. The user on the machine that was locking out the account had transposed two numbers to match the locked out user account. It had gotten cached so when the user on the lockout machine logged in the other account would get locked out. We opened the Credential Store and deleted the offending entry.
Fun!
We used the lockout tools to determine that the lockout was coming from a desktop that she had never used. It turned out that the user naming convention y0000000 was part of the issue. The user on the machine that was locking out the account had transposed two numbers to match the locked out user account. It had gotten cached so when the user on the lockout machine logged in the other account would get locked out. We opened the Credential Store and deleted the offending entry.
Fun!
Exchange
Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.
213K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
