Solved

account looking out

Posted on 2013-05-28
15
249 Views
Last Modified: 2013-10-08
For some reason my account has been locking out every few minutes throughout the day.  I have checked the security logs locally and on the DC and I don't see anything, I don't have any scheduled task using my account. How I track down that is causing acct to lock so freequently?

I have ran an anti malware, changed my password, rebooted, deleted any stored accounts in Windows.
0
Comment
Question by:tips54
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 2
  • 2
  • +2
15 Comments
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39202877
download the Account Lockout and Management Tools  from microsoft website here

Also if you have a mobile or ipad check for expired credentials.
0
 

Author Comment

by:tips54
ID: 39203102
Thanks Silva,

I downloaded that tool and all I can see is the account was locked.  My account is being locked within minutes now.
I also disable active synch on my exchange account.
0
 
LVL 4

Expert Comment

by:Rsilva98
ID: 39203162
1. Use LockoutStatus.exe to determine that which DC is getting the wrong password and it will show you the exact time also.
2. Go to that DC....Open security log for the time exactly mentioned in LockoutStatus.exe and you will find the IP of source computer sending the wrong password.
3. Once you get the IP of the source you can use the tools to start finding the issue for locking your account.

Also try to logon in another computer to see if the if the problem continues. There a network virus called "win32.kido" who create those symptoms. so run a scan on it.
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 39203373
Try any use AD Audit Plus. This is a paid service but one of the easiest applications to setup. You can download a free 30 day trial. I use this program on a daily basis and collect security logs for more then 30 plus domain controllers. You will instantly see where you machine is being locked out on.  

http://www.manageengine.com/products/active-directory-audit/download-free.html
0
 

Author Comment

by:tips54
ID: 39203389
I will try that Silva.  Just as an fyi.  I disconnected the network cable from a couple computers I was using and my user account still locked several times.
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39203636
Hello,

You can user the below account lockout tool which can give you detail information like when the account was locked out, the source and the attempts made as well.

http://www.netwrix.com/account_lockout_examiner.html
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39204298
Have you set to lock people out after a certain amount of failed log in attempts?

This might be the cause , you may have some software or program or person on your network trying to check all accounts and try a either a password cracker r something of that ilk

you will probably need to get some scanning software or change report software to try and track down where the attacks are coming from
0
 

Author Comment

by:tips54
ID: 39205572
After running the Netwrix software I found that my account is being locked by one of my Xenserver Host.
I don't have anything configured as me on that host.  what could be the issue?
0
 

Author Comment

by:tips54
ID: 39205690
Any thoughts?
0
 

Author Comment

by:tips54
ID: 39206191
When I look it says the server locking my account is one of my Xenservers IP.  could this be the server running on the vm?
0
 
LVL 4

Expert Comment

by:Tushar_Darwatkar
ID: 39206468
Check the task schedule on the server as well if possible delete the saved passwords on this server and check again. Also there are possibilities that any services or script running on the server configured with this account which might be causing the lockout issue.
0
 

Author Comment

by:tips54
ID: 39206724
I checked all of those before posting on here Tushar.
I was able to get this issue resolved.  I was able to trace this issue to the Citrix host and at sometime I must integrated it to AD, which we could not find.  I had to make another host the master in the pool and that took care of it.
0
 

Author Comment

by:tips54
ID: 39263789
This is happening again.  my account is locking every 15 seconds.
0
 

Accepted Solution

by:
tips54 earned 0 total points
ID: 39544456
resolved.
0
 

Author Closing Comment

by:tips54
ID: 39554940
I used account lock tool to resolve it
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question