Solved

My AD account locks every 15 seconds.

Posted on 2013-06-20
7
1,539 Views
Last Modified: 2013-10-03
A couple of months ago I had an issue where my AD  account was locking up every few minutes.  

Now I am getting the same thing where my account is locking literally every 15 seconds. I have checked the event logs, account lock out tools.

What can I use to find out which service is locking my account?
0
Comment
Question by:tips54
7 Comments
 
LVL 15

Expert Comment

by:Rob Stone
Comment Utility
It's been a while since I looked at this, but the process I used was:

Downloaded the tools (you've done this by the looks of things)
http://www.microsoft.com/en-us/download/details.aspx?id=18465

One of the tools would show what DC the request is going to first and you can then filter the security event viewer for your account lockout and see what IP address it's generating from.

From that host check any old remote settings, scheduled jobs, anything that may have your credentials cached and out of date.
0
 
LVL 11

Expert Comment

by:Manjunath Sullad
Comment Utility
Hi ,

Please follow below steps to resolve account lockout issues.

Perform these steps on client side where you used to login.

1.      Check If a Local User Account is present with the same Name as AD account

Click on Start menu à run button type lusrmgr.msc
•      If Present Change/ Rename the local User account.

2.      Clearing Temporary Files

•      Take a fresh browser and select Internet Options from Tools Menu
•      Click on Delete Cookies
•      Click on Delete Files
•      Click on Clear History Button
•      This will clear all your temporary files and History.
•      Delete files in the Temp / Prefetch folder.

3.      Clearing Saved Passwords and Forms

•      Take a fresh browser and select Internet Options from Tools Menu
•      Select the content and click on ‘AutoComplete’
•      Click on clear forms and clear passwords
•      This will clear all the stored passwords


4.      Removing Mapped Drives
•      Go to My Computer
•      Right click on the shared drive (if any)
•      Click disconnect in the menu.
•      This will remove the Shared Drive
 
5.      If user is using Adobe Reader  
•      Delete the Updater5 folder located at C:\Program Files\Common Files\Adobe as shown below
•      Delete the AdobeUpdater.dll file in the folder C:\Program Files\Adobe\Reader 8.0\Reader

6.      Remove the Stored passwords

•      Start->Run
•      Type Control UserPasswords2 in Run Menu
•      Go to AdvancedàManage Passwords
•      Remove all stored passwords

7.      Remove Unnecessary applications from  startup

•      Got o Start > Run
•      type MSCONFIG
•      Click on Startup Tab
•      Uncheck which is not required from startup

8.      Check Antivirus Client for Defn Update / Virus infections.

9.      Check for Third Party Softwares
•      Check for the Existence of Third Party Softwares and Remove

10.      Check for tasks like ( Apple task ), Disable all tasks
11.      
12.      Uninstall auto update software’s ( You can update these software’s manually)


Regards,
Manjunath S
0
 
LVL 5

Expert Comment

by:Pankaj_401
Comment Utility
Check the account policy in  your AD management console; may there is something that is why its occurring again and again

if you are using windows 2008 then just go to your AD and check the properties of this user

or in 2003 you can go with mste.msc -> group policy management-> policies->windows setting-> security setting-> account locked out policy
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 430 total points
Comment Utility
If user id is getting frequently locked out use the Eventcomb LockoutStatus.exe to determine which DC it is being locked out upon then examine the security log of that domain controller to determine the member server or workstatuion it is occuring on. You can then check scheduled tasks/services to nail down or log user out of the system identified if logged in.

Does user involved has a smartphone or some kind of mobile device using AD credentials for connecting (like exchange), if it fails to connect 3 times (depending on your GPO's), it locks his account.Have a look on all his stuff using his user account automatically, specially his mobile (90% of the time guilty).

There may be many other causes for account locked out.
•user's account in stored user name and passwords
•user's account tied to persistent mapped drive
•user's account as a service account
•user's account used as an IIS application pool identity
•user's account tied to a scheduled task
•un-suspending a virtual machine after a user's pw as changed
•A SMARTPHONE!!!
For more refer KB article:http://technet.microsoft.com/en-us/library/cc773155(WS.10).aspx

Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541

Hope this helps
0
 
LVL 2

Expert Comment

by:titan123
Comment Utility
What are you running, how many users, what is your current config?

It could be many reasons from licensing to user settings. What is the time frame from once you stup the account and when it stops working?

It can be due to the virus trying to use the users credentials. My anti Virus was also not detecting it. A quick way to check, would be to change the password account lockout policy, so that it doesnt lock out after entering the wrong password.

If that stops the problem you know that youve got something nasty on your network.
0
 

Author Comment

by:tips54
Comment Utility
I got this issue resolved.  I had one of the ISO shares setup using my account.
0
 

Author Closing Comment

by:tips54
Comment Utility
LockoutStatus helped me identify the issue
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now