Random AD Account Lockout's on Win 2k8 R2 DC.
Posted on 2013-01-07
We have recently upgraded from Exchange 2003 (Yea I know) to Exchange 2012. Ever since our data was migrated to the new hosts servers (might be coincidence) we are getting calls that users are getting locked out of their AD accounts. There are multiple users all logging in on their PC’s/Laptop’s that they use every day. The migration for e-mail was completed last Thursday morning and we did not start seeing this issue until Friday afternoon. The E-mail migration has been completed and everything seems to be working well on that front.
We have about 15 to 25 users that keep getting locked out. Here are the strange things.
1. We did not see this until after the migration.
2. There are users in different groups and locations. All of them using windows XP with Outlook 2010 connected to exchange 2010.
3. There are some users that always get locked out and there are usually some other users that get added to the list of lockouts that have not been there before.
4. I have downloaded Microsoft’s Account Lockout Tools. And I am able to get the user that locked themselves out and what PC they used (every time it has been the pc/laptops they use all the time) but it is telling me that it is always the same DC they are connecting to that locks them out.
5. Some of the users are logged in and working for hours and still gets locked during the time they are actively working.
6. The majority of our users are working fine.
I am trying the suggested process of placing the Appinit.reg file (as part of the MS Account lockout tools) on one of the problem PC’s but that PC has not had its users lock themselves out yet.
I need help to identify what is causing the lockouts.
1. I ran AV scan on the DC (just in case) and it did not turn up anything.
2. I have checked and found that some of the users that are getting locked out are using Apple Devices but the Apple devices seem to be working fine.
3. I am not aware of any group policy change's