?
Solved

account looking out

Posted on 2013-05-28
15
Medium Priority
?
250 Views
Last Modified: 2013-10-08
For some reason my account has been locking out every few minutes throughout the day.  I have checked the security logs locally and on the DC and I don't see anything, I don't have any scheduled task using my account. How I track down that is causing acct to lock so freequently?

I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
0
Comment
Question by:tips54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
  • 2
  • +2
15 Comments
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39202877
download the Account Lockout and Management Tools  from microsoft website here

Also if you have a mobile or ipad check for expired credentials.
0
 

Author Comment

by:tips54
ID: 39203102
Thanks Silva,

I downloaded that tool and all I can see is the account was locked.  My account is being locked within minutes now.
I also disable active synch on my exchange account.
0
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39203162
1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the exact time also.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.

Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39203373
Try any use AD Audit Plus. This is a paid service but one of the easiest applications to setup. You can download a free 30 day trial. I use this program on a daily basis and collect security logs for more then 30 plus domain controllers. You will instantly see where you machine is being locked out on.  

http://www.manageengine.com/products/active-directory-audit/download-free.html
0
 

Author Comment

by:tips54
ID: 39203389
I will try that Silva.  Just as an fyi.  I disconnected the network cable from a couple computers I was using and my user account still locked several times.
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39203636
Hello,

You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.

http://www.netwrix.com/account_lockout_examiner.html
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39204298
Have you set to lock people out after a certain amount of failed log in attempts?

This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk

you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
0
 

Author Comment

by:tips54
ID: 39205572
After running the Netwrix software I found that my account is being locked by one of my Xenserver Host.
I don't have anything configured as me on that host.  what could be the issue?
0
 

Author Comment

by:tips54
ID: 39205690
Any thoughts?
0
 

Author Comment

by:tips54
ID: 39206191
When I look it says the server locking my account is one of my Xenservers IP.  could this be the server running on the vm?
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39206468
Check the task schedule on the server as well if possible delete the saved passwords on this server and check again. Also there are possibilities that any services or script running on the server configured with this account which might be causing the lockout issue.
0
 

Author Comment

by:tips54
ID: 39206724
I checked all of those before posting on here Tushar.
I was able to get this issue resolved.  I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find.  I had to make another host the master in the pool and that took care of it.
0
 

Author Comment

by:tips54
ID: 39263789
This is happening again.  my account is locking every 15 seconds.
0
 

Accepted Solution

by:
tips54 earned 0 total points
ID: 39544456
resolved.
0
 

Author Closing Comment

by:tips54
ID: 39554940
I used account lock tool to resolve it
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses
Course of the Month13 days, 14 hours left to enroll

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question