Solved

Account lockout via Smartphones every morning

Posted on 2013-11-20
4
290 Views
Last Modified: 2014-01-03
A handful of my users (of course they are executive level) are experiencing a rather strange issue. It appears that every morning their AD accounts are getting locked out. This seems to happen around the same time every morning and the reason the user knows is that their Smartphone which recieves company emails starts asking for the username/password at which point they attempt to enter it and it either works or the account is locked and someone has to manually unlock the account.

We are running a 2008 Active Directory Domain and Exchange 2010. Looking for suggestions on how I can track down the issue that is causing these account lockouts every morning.
0
Comment
Question by:dowhatyoudo22
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
Comment Utility
The manual way to do this is to check the Security Logs on the Domain Controllers. This can be a daunting task if you have multiple DC's in your environment (which most businesses do). I would highly recommend downloading and installed ADAuditPlus by Manage Engine.

This is not a free product but they do have a fully featured trial for 30 days. It is very inexpensive for the value i beleive it brings to monitor AD.

ADAudit Plus - http://www.manageengine.com/products/active-directory-audit/

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
Comment Utility
On th DC check the security log event id 644(Win2003) or 4740(Win2k8) will occur if the account is getting locked.Open the event and check the caller Machine.If the event id 644/4740 has not occured then this mean that in audit policy user account management policy is not configured.Configure the same and check if the events are occuring


Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541


Sometimes the network trace(Wireshark tool) will the most helpful piece to figure out where the lockout is coming from. Is this a normal user or could this account be used on a service somewhere?
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
Comment Utility
lockoutstatus.exe can help you or we usually ask our network guys to track MAC ID of the device sending bad password on Cisco ACS server.
0
 

Author Closing Comment

by:dowhatyoudo22
Comment Utility
This tool worked well. I was able to pin the problem to a third DC that was out of sync with the other two DCs. Once I corrected this issue the accounts stopped locking up.

Thanks!
0

Featured Post

Too many email signature changes to deal with?

Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

Join & Write a Comment

Suggested Solutions

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now