Solved

account looking out

Posted on 2013-05-28
15
247 Views
Last Modified: 2013-10-08
For some reason my account has been locking out every few minutes throughout the day.  I have checked the security logs locally and on the DC and I don't see anything, I don't have any scheduled task using my account. How I track down that is causing acct to lock so freequently?

I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
0
Comment
Question by:tips54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
  • 2
  • +2
15 Comments
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39202877
download the Account Lockout and Management Tools  from microsoft website here

Also if you have a mobile or ipad check for expired credentials.
0
 

Author Comment

by:tips54
ID: 39203102
Thanks Silva,

I downloaded that tool and all I can see is the account was locked.  My account is being locked within minutes now.
I also disable active synch on my exchange account.
0
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39203162
1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the exact time also.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.

Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39203373
Try any use AD Audit Plus. This is a paid service but one of the easiest applications to setup. You can download a free 30 day trial. I use this program on a daily basis and collect security logs for more then 30 plus domain controllers. You will instantly see where you machine is being locked out on.  

http://www.manageengine.com/products/active-directory-audit/download-free.html
0
 

Author Comment

by:tips54
ID: 39203389
I will try that Silva.  Just as an fyi.  I disconnected the network cable from a couple computers I was using and my user account still locked several times.
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39203636
Hello,

You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.

http://www.netwrix.com/account_lockout_examiner.html
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39204298
Have you set to lock people out after a certain amount of failed log in attempts?

This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk

you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
0
 

Author Comment

by:tips54
ID: 39205572
After running the Netwrix software I found that my account is being locked by one of my Xenserver Host.
I don't have anything configured as me on that host.  what could be the issue?
0
 

Author Comment

by:tips54
ID: 39205690
Any thoughts?
0
 

Author Comment

by:tips54
ID: 39206191
When I look it says the server locking my account is one of my Xenservers IP.  could this be the server running on the vm?
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39206468
Check the task schedule on the server as well if possible delete the saved passwords on this server and check again. Also there are possibilities that any services or script running on the server configured with this account which might be causing the lockout issue.
0
 

Author Comment

by:tips54
ID: 39206724
I checked all of those before posting on here Tushar.
I was able to get this issue resolved.  I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find.  I had to make another host the master in the pool and that took care of it.
0
 

Author Comment

by:tips54
ID: 39263789
This is happening again.  my account is locking every 15 seconds.
0
 

Accepted Solution

by:
tips54 earned 0 total points
ID: 39544456
resolved.
0
 

Author Closing Comment

by:tips54
ID: 39554940
I used account lock tool to resolve it
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question