Solved

Random AD Account Lockout's on Win 2k8 R2 DC.

Posted on 2013-01-07
5
915 Views
Last Modified: 2013-02-03
Hello,
We have recently upgraded from Exchange 2003 (Yea I know) to Exchange 2012. Ever since our data was migrated to the new hosts servers (might be coincidence) we are getting calls that users are getting locked out of their AD accounts. There are multiple users all logging in on their PC’s/Laptop’s  that they use every day.  The migration for e-mail was completed last Thursday morning and we did not start seeing this issue until Friday afternoon. The E-mail migration has been completed and everything seems to be working well on that front.
We have about 15 to 25 users that keep getting locked out. Here are the strange things.
1.      We did not see this until after the migration.
2.      There are users in different groups and locations. All of them using windows XP with Outlook 2010 connected to exchange 2010.
3.      There are some users that always get locked out and there are usually some other users that get added to the list of lockouts that have not been there before.
4.      I have downloaded Microsoft’s Account Lockout Tools. And I am able to get the user that locked themselves out and what PC they used (every time it has been the pc/laptops they use all the time) but it is telling me that it is always the same DC they are connecting to that locks them out.  
5.      Some of the users are logged in and working for hours and still gets locked during the time they are actively working.
6.      The majority of our users are working fine.

I am trying the suggested process of placing the Appinit.reg file (as part of the MS Account lockout tools) on one of the problem PC’s but that PC has not had its users lock themselves out yet.
I need help to identify what is causing the lockouts.
Other notes:
1.      I ran AV scan on the DC (just in case) and it did not turn up anything.
2.      I have checked and found that some of the users that are getting locked out are using Apple Devices but the Apple devices seem to be working fine.
3.             I am not aware of any group policy change's
0
Comment
Question by:Treemo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 18

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 117 total points
ID: 38752542
0
 
LVL 4

Expert Comment

by:palicos
ID: 38754827
At your case first trouble shoot the accounts lockout status.

http://technet.microsoft.com/en-us/library/cc773155(v=ws.10).aspx

Have a look at the Account Lockout and Management Tools available on the Microsoft Download Center. Specifically LockoutStatus.exe and EventCombMT.exe. You might not be able to exactly pinpoint where the lockout is coming from but you should be able to narrow it down quite a bit to make it easier to see.

Here are a couple more Technet articles that might help:
Maintaining and Monitoring Account Lockout
Account Lockout Tools (description of the tools in the download linked to above)
Using the checked Netlogon.dll to track account lockouts
Enabling debug logging for the Net Logon service

I hope it helps you out.
0
 

Author Comment

by:Treemo
ID: 38756061
Palicos - Thank you, I did try that however and all i was able to get from it is what the user was, What PC they were using that locked the account and what DC was used to lock the account. This is a bit different then the usual things me think's but thank you just the same.

sarang_tinguria - Thanks for the link. Some interesting stuff there. I am DLing the sophos conflicker network scanner now (just in case) Ill post if it finds anything.

At this point, we are still trying to identify what is causing this. During the Exchange rollout, a Office outlook configuration file was used for the users when they logged in to complete the initial connection to the new exchange server. We have contacted the hosted exchange provider to have them look at that file they asked us to use. I am not sure if that file might have something goofy with it that is locking our users out but it makes sence since this all started after the hosted Exchange server was migrated from 2003 to 2010 and the users had to reconnect to the new Exchange 2010 server.
0
 
LVL 17

Accepted Solution

by:
Tony Massa earned 118 total points
ID: 38765951
When an account is locking from a user's PC, you will also get a process ID of the application that is sending the bad password.  SysInternals (Microsoft) has a utility called Process Explorer that can help determine which program is running on the port identified in the event log.  Make sure you turn on failed security events, which isn't enabled on xp/2003 by default.  You would have to have the PC/user/application all at once, but it's doable

Make sure that you are checking any saved passwords:
XP:  http://support.microsoft.com/kb/306992/EN-US

Windows Vista/7: Control Panel/Credential Manager
0
 

Author Closing Comment

by:Treemo
ID: 38849590
It seemes that this is actually an known bug. I got the below from http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e17c4c4c-eb10-459e-912f-9f3d9b8e0a29/ <br />"We use hosted Exchange and the domain in the user ID matches the name of our internal AD domain.  Apparently, Outlook is sending the credentials for hosted Exchange to the domain controller, and since the user ID's are the same as well (ie, domain\jsmith = jsmith@domain.com) the account gets locked.  Apparently, we are not the only one:  http://community.spiceworks.com/topic/151011-hosted-exchange-office-365-causing-domain-lockouts.  <br /><br />It stated in here that it is only a Win 7 to hosted exchange 2010 issue but that is not the situation in our enviroment. it is happning on our XP pc;s also. Still trying to find a fix. <br />I want to try this: <br />http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/e17c4c4c-eb10-459e-912f-9f3d9b8e0a29/ and see what happends
0

Featured Post

The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
A hard and fast method for reducing Active Directory Administrators members.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question