tips54
asked on
account looking out
For some reason my account has been locking out every few minutes throughout the day. I have checked the security logs locally and on the DC and I don't see anything, I don't have any scheduled task using my account. How I track down that is causing acct to lock so freequently?
I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
ASKER
Thanks Silva,
I downloaded that tool and all I can see is the account was locked. My account is being locked within minutes now.
I also disable active synch on my exchange account.
I downloaded that tool and all I can see is the account was locked. My account is being locked within minutes now.
I also disable active synch on my exchange account.
1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the exact time also.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.
Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.
Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
Try any use AD Audit Plus. This is a paid service but one of the easiest applications to setup. You can download a free 30 day trial. I use this program on a daily basis and collect security logs for more then 30 plus domain controllers. You will instantly see where you machine is being locked out on.
http://www.manageengine.com/products/active-directory-audit/download-free.html
http://www.manageengine.com/products/active-directory-audit/download-free.html
ASKER
I will try that Silva. Just as an fyi. I disconnected the network cable from a couple computers I was using and my user account still locked several times.
Hello,
You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.
http://www.netwrix.com/account_lockout_examiner.html
You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.
http://www.netwrix.com/account_lockout_examiner.html
Have you set to lock people out after a certain amount of failed log in attempts?
This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk
you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk
you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
ASKER
After running the Netwrix software I found that my account is being locked by one of my Xenserver Host.
I don't have anything configured as me on that host. what could be the issue?
I don't have anything configured as me on that host. what could be the issue?
ASKER
Any thoughts?
ASKER
When I look it says the server locking my account is one of my Xenservers IP. could this be the server running on the vm?
Check the task schedule on the server as well if possible delete the saved passwords on this server and check again. Also there are possibilities that any services or script running on the server configured with this account which might be causing the lockout issue.
ASKER
I checked all of those before posting on here Tushar.
I was able to get this issue resolved. I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find. I had to make another host the master in the pool and that took care of it.
I was able to get this issue resolved. I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find. I had to make another host the master in the pool and that took care of it.
ASKER
This is happening again. my account is locking every 15 seconds.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I used account lock tool to resolve it
Also if you have a mobile or ipad check for expired credentials.