[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 544
  • Last Modified:

Windows 2008 AD account lockout

The newest user that we have created in our AD is having account lockout issue when attempting to access Exchange mail through MS Outlook 2010.  There are no password lockout group policies defined.  When the account does get locked out, and I believe that it happens when the user opens MS Outlook 2010.  The LockoutStatus utility shows that they have entered 5 bad passwords and then the account is locked out.  I am also seeing corresponding security audit errors (0xc000006a) in the event log referring to bad password.

Exchange 2010 is setup with Outlook Anywhere and at least 5 other users can get successful Outlook access from outside the network without VPN.

This users laptop had been joined to the domain at one point while it was VPN'ed in.

Thanks for any assistance that is provided and let me know what other information I can provide.
0
InfoSysNetworks
Asked:
InfoSysNetworks
  • 6
  • 3
  • 3
  • +3
1 Solution
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Click Start - > Run -> Control keymgr.dll (a wizard would open just check if there is cached credentials if so make a note restart the client machine and check).

- Rancy
0
 
InfoSysNetworksAuthor Commented:
This is a Win7 client and it looks like this command is for XP?  This command has been replaced with cmdkey.

UPDATE:  This client PC has also subsequently been removed from the domain.  This did not solve the issue.
0
 
Exchange_GeekCommented:
Which method is the user using to connect to OL?

=> OL over VPN OR OL anywhere (connecting remotely) OR OL in online mode (locally) OR OL in offline mode (locally)?
=> Is the user using BB or Iphone to sync?
=> What is the user experience when there are logs being written of failed password attempts?
=> Can we try to provide access to this user of any other work station to check if the user can work with OL successfully or unsuccessfully? This is to simply ensure that we are working towards solving a local machine issue OR server-side issue.

Awaiting your response.

Regards,
Exchange_Geek
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
InfoSysNetworksAuthor Commented:
The access is through Outlook Anywhere (remotely).  They do have a DROID phone setup for ActiveSync access.  I believe that the users experience is non-access to Outlook mail due to account lockout.  We may have a few VMs with the Outlook client installed in order for this user to attempt to access Outlook connectivity "locally" through a VPN/RDP session.  I will update when I can.
0
 
Exchange_GeekCommented:
Thanks, I'd prefer to check those accounts when there are no-third party device connecting knowingly or unknowingly. You know what i mean right?

Regards,
Exchange_Geek
0
 
InfoSysNetworksAuthor Commented:
Yes, I understand.  In addition to what I had stated before about user experience.

The user is simply attempting to login to Outlook when the log errors are generated.  

Thanks for your reply EG.
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
So do you mean that at the same time when the issue occurs user isnt using the droid ?

Is there any additional mailboxes or PST attached to users outlook ?

What is the Outlook version and method of connection ?

Did you try disabling any additional Outlook add-ons and then check :)

- Rancy
0
 
vicky19Commented:
What if the user opens Outlook with safe mode ?
Does the issue occur if users opens mailbox through Outlook Web Access ?
Any Outlook add-ons ... try disabling them.

Regards
0
 
ExchangePanditCommented:
Could you please confirm if we configure another account (test account) on that laptop and  whether that works?
0
 
InfoSysNetworksAuthor Commented:
We are still in the testing phase after making the following change:

http://www.oucs.ox.ac.uk/nexus/outlook2010/credentials.xml

After the first response regarding cached credentials (Rancy), we did a search for Outlook 2010 / Win7 cached credentials.  So far so good, with this change.  It seemed to be localized to this user on this laptop.  If the account was unlocked, OWA was not an issue.

We will update after a few days.
0
 
Exchange_GeekCommented:
That'll be interesting to see if the cached windows creds is causing this issue.

All the best.

Regards,
Exchange_Geek
0
 
Manpreet SIngh KhatraSolutions Architect, Project LeadCommented:
Sure will await your update :)

- Rancy
0
 
mdttechCommented:
We've been having this issue for the last 5 months, and we've been unable to resolve it.  From what I can tell Outlook 2010 authenticates as many times as possible until the account locks out; but only shows the user one logon prompt.  I attempted this with Outlook 2007 connecting to the same Exchange 2010 environment with the same account, Outlook 2007 only sends 4 password attempts per one prompt.  I'm leaning towards an Outlook 2010 issue, as I've done excessive research on this over the last few weeks; using ALTools to watch lockout attempts, testing on multiple PCs from multiple situations (OWA, Outlook 2010, Outlook 2007), as well as coming across several articles on Experts Exchange, Technet, and other technical blogs describing this exact issue; to date I've not found a solution, but please let us know if this solved your issues.!

-Thanks

MDTTech
0
 
InfoSysNetworksAuthor Commented:
Opened a ticket with MS. Will advise.
0
 
InfoSysNetworksAuthor Commented:
It did end up being cached credentials on the client PC for our situation.  Deleted all cached credentials and this cleared up the account-lockout issue.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

  • 6
  • 3
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now