Solved

My AD account locks every 15 seconds.

Posted on 2013-06-20
7
1,642 Views
Last Modified: 2013-10-03
A couple of months ago I had an issue where my AD  account was locking up every few minutes.  

Now I am getting the same thing where my account is locking literally every 15 seconds. I have checked the event logs, account lock out tools.

What can I use to find out which service is locking my account?
0
Comment
Question by:tips54
7 Comments
 
LVL 15

Expert Comment

by:Rob Stone
ID: 39264357
It's been a while since I looked at this, but the process I used was:

Downloaded the tools (you've done this by the looks of things)
http://www.microsoft.com/en-us/download/details.aspx?id=18465

One of the tools would show what DC the request is going to first and you can then filter the security event viewer for your account lockout and see what IP address it's generating from.

From that host check any old remote settings, scheduled jobs, anything that may have your credentials cached and out of date.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
ID: 39264483
Hi ,

Please follow below steps to resolve account lockout issues.

Perform these steps on client side where you used to login.

1.      Check If a Local User Account is present with the same Name as AD account

Click on Start menu à run button type lusrmgr.msc
•      If Present Change/ Rename the local User account.

2.      Clearing Temporary Files

•      Take a fresh browser and select Internet Options from Tools Menu
•      Click on Delete Cookies
•      Click on Delete Files
•      Click on Clear History Button
•      This will clear all your temporary files and History.
•      Delete files in the Temp / Prefetch folder.

3.      Clearing Saved Passwords and Forms

•      Take a fresh browser and select Internet Options from Tools Menu
•      Select the content and click on ‘AutoComplete’
•      Click on clear forms and clear passwords
•      This will clear all the stored passwords


4.      Removing Mapped Drives
•      Go to My Computer
•      Right click on the shared drive (if any)
•      Click disconnect in the menu.
•      This will remove the Shared Drive
 
5.      If user is using Adobe Reader  
•      Delete the Updater5 folder located at C:\Program Files\Common Files\Adobe as shown below
•      Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader 8.0\Reader

6.      Remove the Stored passwords

•      Start->Run
•      Type Control UserPasswords2 in Run Menu
•      Go to AdvancedàManage Passwords
•      Remove all stored passwords

7.      Remove Unnecessary applications from  startup

•      Got o Start > Run
•      type MSCONFIG
•      Click on Startup Tab
•      Uncheck which is not required from startup

8.      Check Antivirus Client for Defn Update / Virus infections.

9.      Check for Third Party Softwares
•      Check for the Existence of Third Party Softwares and Remove

10.      Check for tasks like ( Apple task ), Disable all tasks
11.      
12.      Uninstall auto update software’s ( You can update these software’s manually)


Regards,
Manjunath S
0
 
LVL 5

Expert Comment

by:Pankaj_401
ID: 39265371
Check the account policy in  your AD management console; may there is something that is why its occurring again and again

if you are using windows 2008 then just go to your AD and check the properties of this user

or in 2003 you can go with mste.msc -> group policy management-> policies->windows setting-> security setting-> account locked out policy
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 430 total points
ID: 39265411
If user id is getting frequently locked out use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in.

Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 3 times (depending on your GPO's), it locks his account.Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).

There may be many other causes for account locked out.
•user's account in stored user name and passwords
•user's account tied to persistent mapped drive
•user's account as a service account
•user's account used as an IIS application pool identity
•user's account tied to a scheduled task
•un-suspending a virtual machine after a user's pw as changed
•A SMARTPHONE!!!
For more refer KB article:http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

Hope this helps
0
 
LVL 2

Expert Comment

by:titan123
ID: 39265743
What are you running, how many users, what is your current config?

It could be many reasons from licensing to user settings. What is the time frame from once you stup the account and when it stops working?

It can be due to the virus trying to use the users credentials. My anti Virus was also not detecting it. A quick way to check, would be to change the password account lockout policy, so that it doesnt lock out after entering the wrong password.

If that stops the problem you know that youve got something nasty on your network.
0
 

Author Comment

by:tips54
ID: 39308569
I got this issue resolved.  I had one of the ISO shares setup using my account.
0
 

Author Closing Comment

by:tips54
ID: 39544372
LockoutStatus helped me identify the issue
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

26 Experts available now in Live!

Get 1:1 Help Now