Solved

Account lockout via Smartphones every morning

Posted on 2013-11-20
4
296 Views
Last Modified: 2014-01-03
A handful of my users (of course they are executive level) are experiencing a rather strange issue. It appears that every morning their AD accounts are getting locked out. This seems to happen around the same time every morning and the reason the user knows is that their Smartphone which recieves company emails starts asking for the username/password at which point they attempt to enter it and it either works or the account is locked and someone has to manually unlock the account.

We are running a 2008 Active Directory Domain and Exchange 2010. Looking for suggestions on how I can track down the issue that is causing these account lockouts every morning.
0
Comment
Question by:dowhatyoudo22
4 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 500 total points
ID: 39662615
The manual way to do this is to check the Security Logs on the Domain Controllers. This can be a daunting task if you have multiple DC's in your environment (which most businesses do). I would highly recommend downloading and installed ADAuditPlus by Manage Engine.

This is not a free product but they do have a fully featured trial for 30 days. It is very inexpensive for the value i beleive it brings to monitor AD.

ADAudit Plus - http://www.manageengine.com/products/active-directory-audit/

Will.
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 39665090
On th DC check the security log event id 644(Win2003) or 4740(Win2k8) will occur if the account is getting locked.Open the event and check the caller Machine.If the event id 644/4740 has not occured then this mean that in audit policy user account management policy is not configured.Configure the same and check if the events are occuring


Troubleshooting account lockout the Microsoft PSS way:
http://blogs.technet.com/b/instan/archive/2009/09/01/troubleshooting-account-lockout-the-pss-way.aspx

Paul Bergson's User Account Lockout Troubleshooting
http://www.pbbergs.com/windows/articles/UserAccountLockoutTroubleshooting.html

Download the accountlockout tools and management pack to help resolve the issue.
http://www.microsoft.com/downloads/details.aspx?familyid=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en

Auditing failed logon events and account lockouts
http://technet.microsoft.com/en-us/library/cc671957(WS.10).aspx

You can also set the debug flag on NetLogon to track authentication.  "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."
Enabling debug logging for the Net Logon service
http://support.microsoft.com/kb/109626

Using the checked Netlogon.dll to track account lockouts
http://support.microsoft.com/kb/189541


Sometimes the network trace(Wireshark tool) will the most helpful piece to figure out where the lockout is coming from. Is this a normal user or could this account be used on a service somewhere?
0
 
LVL 10

Expert Comment

by:Pramod Ubhe
ID: 39665174
lockoutstatus.exe can help you or we usually ask our network guys to track MAC ID of the device sending bad password on Cisco ACS server.
0
 

Author Closing Comment

by:dowhatyoudo22
ID: 39754175
This tool worked well. I was able to pin the problem to a third DC that was out of sync with the other two DCs. Once I corrected this issue the accounts stopped locking up.

Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question