Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

user accounts are constantly locked out - need

Posted on 2015-02-13
7
Medium Priority
?
507 Views
Last Modified: 2015-03-08
I did a trace and found that most of the lock outs seem to originate from users going to the CAS system (exchange 2010) via their mobile devices.

ex. one of many that  I see in the event viewer of the client access log. They are not all the same type but the same Event ID.

Subject:
      Security ID:            NETWORK SERVICE
      Account Name:            CASName$
      Account Domain:            mydomain
      Logon ID:            0x3e4

Logon Type:                  8

Account For Which Logon Failed:
      Security ID:            NULL SID
      Account Name:            staff@92y.org
      Account Domain:            

Failure Information:
      Failure Reason:            Unknown user name or bad password.
      Status:                  0xc000006d
      Sub Status:            0xc0000064

Process Information:
      Caller Process ID:      0xa58
      Caller Process Name:      F:\Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe

Network Information:
      Workstation Name:      CASName

I'm having a hard time understanding what some of these things mean. I've read the documents and stuff but I'm still a little unsure. Ex. below

- Logon type 8

- Call Processor Name :Windows\System32\inetsrv\w3wp.exe versus Caller Process Name:      Program Files\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe (aren't they both going to owa?)

At this point I'm trying to figure out if they locked their account first which caused their emails to fail or something on their mobile device failed which caused their accounts to be locked.
0
Comment
Question by:iamuser
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 13

Expert Comment

by:Guy Lidbetter
ID: 40608501
Have you considered if they change their password and haven't updated their accounts on their phones?

Is this happening regularly to everyone or only some people?
0
 

Author Comment

by:iamuser
ID: 40608617
This is happening to number of people. All random. While I know chances are they may have changed their passwords somewhere . And that is the cause if the issue I do need some proof. Some of the people getting locked on senior directors and vp's. I want to make sure that I can show the flow if asked.
0
 

Author Comment

by:iamuser
ID: 40608623
And of course they all swear that nothing was changed, that they changed everything, or that they didn't type anything wrong
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 83

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40608883
They had to change their password in Windows as per company policy they now have to change their password on any other device that they have that connects to the domain.  They probably don't remember changing their password.

2 line vbscript

Set objUser = GetObject("LDAP://CN=myerken,OU=management,DC=Fabrikam,DC=com")
Wscript.Echo "Password last changed: " & objUser.PasswordLastChanged

Open in new window

http://bit.ly/1B810H1
0
 

Assisted Solution

by:iamuser
iamuser earned 0 total points
ID: 40608973
I ran the scripts on 2 users who had problems just recently and the last time both changed was at 1/24 and 1/16. So it's not a password causing it.
0
 

Author Closing Comment

by:iamuser
ID: 40652291
I am shutting down this thread and opening a new one
0
 
LVL 13

Expert Comment

by:Guy Lidbetter
ID: 40652542
Please split the points appropriately... As the accepted solution was exactly what i had suggested as being the cause in the first place.
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
Are you an Exchange administrator employed with an organization? And, have you encountered a corrupt Exchange database due to which you are not able to open its EDB file. This article will explain all the steps to repair corrupt Exchange database.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question