[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

account looking out

Posted on 2013-05-28
15
Medium Priority
?
251 Views
Last Modified: 2013-10-08
For some reason my account has been locking out every few minutes throughout the day.  I have checked the security logs locally and on the DC and I don't see anything, I don't have any scheduled task using my account. How I track down that is causing acct to lock so freequently?

I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
0
Comment
Question by:tips54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
  • 2
  • +2
15 Comments
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39202877
download the Account Lockout and Management Tools  from microsoft website here

Also if you have a mobile or ipad check for expired credentials.
0
 

Author Comment

by:tips54
ID: 39203102
Thanks Silva,

I downloaded that tool and all I can see is the account was locked.  My account is being locked within minutes now.
I also disable active synch on my exchange account.
0
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39203162
1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the exact time also.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.

Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39203373
Try any use AD Audit Plus. This is a paid service but one of the easiest applications to setup. You can download a free 30 day trial. I use this program on a daily basis and collect security logs for more then 30 plus domain controllers. You will instantly see where you machine is being locked out on.  

http://www.manageengine.com/products/active-directory-audit/download-free.html
0
 

Author Comment

by:tips54
ID: 39203389
I will try that Silva.  Just as an fyi.  I disconnected the network cable from a couple computers I was using and my user account still locked several times.
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39203636
Hello,

You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.

http://www.netwrix.com/account_lockout_examiner.html
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39204298
Have you set to lock people out after a certain amount of failed log in attempts?

This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk

you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
0
 

Author Comment

by:tips54
ID: 39205572
After running the Netwrix software I found that my account is being locked by one of my Xenserver Host.
I don't have anything configured as me on that host.  what could be the issue?
0
 

Author Comment

by:tips54
ID: 39205690
Any thoughts?
0
 

Author Comment

by:tips54
ID: 39206191
When I look it says the server locking my account is one of my Xenservers IP.  could this be the server running on the vm?
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39206468
Check the task schedule on the server as well if possible delete the saved passwords on this server and check again. Also there are possibilities that any services or script running on the server configured with this account which might be causing the lockout issue.
0
 

Author Comment

by:tips54
ID: 39206724
I checked all of those before posting on here Tushar.
I was able to get this issue resolved.  I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find.  I had to make another host the master in the pool and that took care of it.
0
 

Author Comment

by:tips54
ID: 39263789
This is happening again.  my account is locking every 15 seconds.
0
 

Accepted Solution

by:
tips54 earned 0 total points
ID: 39544456
resolved.
0
 

Author Closing Comment

by:tips54
ID: 39554940
I used account lock tool to resolve it
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question