Solved

Account lockout via Smartphones every morning

Posted on 2013-11-20
Last Modified: 2014-01-03
A handful of my users (of course they are executive level) are experiencing a rather strange issue. It appears that every morning their AD accounts are getting locked out. This seems to happen around the same time every morning and the reason the user knows is that their Smartphone which receives company emails starts asking for the username/password at which point they attempt to enter it and it either works or the account is locked and someone has to manually unlock the account.

We are running a 2008 Active Directory Domain and Exchange 2010. Looking for suggestions on how I can track down the issue that is causing these account lockouts every morning.
Question by:dowhatyoudo22
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 2000 total points
ID: 39662615
The manual way to do this is to check the Security Logs on the Domain Controllers. This can be a daunting task if you have multiple DCs in your environment (which most businesses do). I would highly recommend downloading and installing ADAudit Plus by ManageEngine.

This is not a free product but they do have a fully featured trial for 30 days. It is very inexpensive for the value I believe it brings to monitor AD.

ADAudit Plus - http://www.manageengine.com/products/active-directory-audit/

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39665090
On the DC, check the security log: event ID 644 (Win2003) or 4740 (Win2k8) will occur if the account is getting locked. Open the event and check the caller machine. If event ID 644/4740 has not occurred, this means that the user account management policy is not configured in the audit policy. Configure it and check whether the events are occurring.


Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541


Sometimes the network trace (Wireshark tool) will be the most helpful piece to figure out where the lockout is coming from. Is this a normal user or could this account be used on a service somewhere?
0
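
The event 4740 check described in the comment above, as an added example (not code from any poster in this thread): a PowerShell function that reads 4740 event XML and groups lockouts by account, caller machine and hour, which suits the same-time-every-morning pattern in the question. The sample events and the names in them (exec1, exec2, DC01, DC03, CAS01) are constructed; the commented-out `Get-WinEvent` lines show how to feed it real events from each DC.

```powershell
# Added example: turn 4740 lockout events into "who, from where, at what hour".
function Get-LockoutSource {
    param([Parameter(Mandatory)][string[]]$EventXml)
    foreach ($raw in $EventXml) {
        $evt  = ([xml]$raw).Event
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $caller = $data['TargetDomainName']   # 4740 stores the caller computer name here
        [pscustomobject]@{
            TimeUtc          = ([datetime]$evt.System.TimeCreated.SystemTime).ToUniversalTime()
            DomainController = $evt.System.Computer
            Account          = $data['TargetUserName']
            CallerMachine    = if ($caller) { $caller } else { '(blank)' }
        }
    }
}

# Constructed sample data (hypothetical names and times, not taken from the thread).
function New-SampleEvent($time, $dc, $user, $caller) {
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4740</EventID><TimeCreated SystemTime="$time"/><Computer>$dc</Computer></System>
 <EventData><Data Name="TargetUserName">$user</Data><Data Name="TargetDomainName">$caller</Data></EventData>
</Event>
"@
}
$xml = @(
    New-SampleEvent '2013-11-18T12:02:11Z' 'DC03' 'exec1' 'CAS01'
    New-SampleEvent '2013-11-19T12:01:47Z' 'DC03' 'exec1' 'CAS01'
    New-SampleEvent '2013-11-19T12:03:05Z' 'DC03' 'exec2' 'CAS01'
    New-SampleEvent '2013-11-19T15:40:00Z' 'DC01' 'exec2' ''
)
# Live use instead of the sample (DC names are placeholders; needs Security log read access):
# $xml = 'DC01','DC02','DC03' | ForEach-Object {
#     Get-WinEvent -ComputerName $_ -FilterHashtable @{LogName='Security'; Id=4740} -ErrorAction SilentlyContinue |
#         ForEach-Object { $_.ToXml() } }

# One row per account/caller pair, with the hours and DCs where the lockouts were logged.
Get-LockoutSource -EventXml $xml | Group-Object Account, CallerMachine | ForEach-Object {
    [pscustomobject]@{
        Account       = $_.Group[0].Account
        CallerMachine = $_.Group[0].CallerMachine
        Lockouts      = $_.Count
        HoursUtc      = ($_.Group.TimeUtc.Hour | Sort-Object -Unique) -join ','
        SeenOnDCs     = ($_.Group.DomainController | Sort-Object -Unique) -join ','
    }
} | Sort-Object Lockouts -Descending | Format-Table -AutoSize
```

A caller machine that recurs at one hour across several accounts is the host to investigate next; rows with a blank caller need the Netlogon debug log or a network trace mentioned above.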
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39665174
lockoutstatus.exe can help you or we usually ask our network guys to track MAC ID of the device sending bad password on Cisco ACS server.
0
 

Author Closing Comment

by:dowhatyoudo22
ID: 39754175
This tool worked well. I was able to pin the problem to a third DC that was out of sync with the other two DCs. Once I corrected this issue the accounts stopped locking up.

Thanks!
0
