account locked

Hi Experts,

We use Active Sync with our Exchange Server 2007.
One account is always locked.
This account is used by several mobile devices.
Do you have a quick solution to find the guilty device?
Eprs_AdminSystem ArchitectAsked:

cshepfamCommented:
Use this:

http://www.netwrix.com/netwrix_account_lockout_examiner.html

As soon as the account is locked out, you'll get an email and it will also tell you what device/computer it was locked out from.
Jeff PerryWindows AdministratorCommented:
I believe you are experiencing something similar to what this article describes.

http://serverfault.com/questions/370651/activesync-devices-causing-accounts-to-lockout

Here is another article on troubleshooting AD account lockouts.

http://realit1.blogspot.in/2012/04/troubleshooting-active-directory.html
Will SzymkowskiSenior Solution ArchitectCommented:
In order to see where this account is getting locked out, you need to configure Active Directory auditing. From there you would then need to check the security logs on the domain controllers. If you have several domain controllers, you will need to check the security logs on all of them. This is because the user can authenticate to any one of your DCs. Personally, I would recommend using something like Active Directory Auditor by Lepide Software.

Great product and it can also provide several other reporting tasks within your domain.
http://www.lepide.com/lepideauditor/active-directory.html

Will.
AmitIT ArchitectCommented:
Just use Microsoft AD lock tool. It is free.
http://www.microsoft.com/en-in/download/details.aspx?id=18465

Step 1: you need to find from which DC it is getting locked out. Then on that DC you run eventcom exe and select security logs, put in the user name and search it; it will create one log file. Open it and search for that username, and you will find from which device or machine it is getting locked out. Next you need to ask the user to remove the ID from the device or machine or update the correct password.

If the user is unable to fix it, then the last option is to rename the account. Go to the Account tab and append a digit or alphabet. That will stop the account lockout.

Remember, if your DC logs are overwritten then you cannot find the data, you need to wait for lockout again.
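The log search described in the answers above (every DC's Security log, filtered on the user name) can be scripted. This is an added example, not code from any poster in this thread; it assumes the ActiveDirectory RSAT module, remote event log access to each DC, auditing enabled, and the standard event IDs 4740 (account locked out) and 4771 (Kerberos pre-authentication failed). The look-back window is a constructed value.

```powershell
# Added example: sweep the Security log of every domain controller for
# lockout (4740) and Kerberos pre-authentication failure (4771) events
# that name one account, and list the source each DC recorded.
Import-Module ActiveDirectory

$Account = 'notdienststo11'          # account name taken from the thread
$Since   = (Get-Date).AddHours(-24)  # constructed look-back window

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $filter = @{ LogName = 'Security'; Id = 4740, 4771; StartTime = $Since }
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Also reached when a DC simply has no matching events in the window.
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        continue
    }
    foreach ($e in $events) {
        # Read fields by name from the event XML so the result does not
        # depend on the display language of the log or on field order.
        $data = @{}
        foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $Account) { continue }

        if ($e.Id -eq 4740) {
            # In 4740 the caller computer name is stored in TargetDomainName.
            $source = $data['TargetDomainName']
            $status = 'locked out'
        } else {
            # 4771: strip the IPv4-mapped prefix (::ffff:10.2.1.2 -> 10.2.1.2).
            $source = $data['IpAddress'] -replace '^::ffff:', ''
            $status = $data['Status']   # 0x18 = pre-authentication failed (bad password)
        }
        [pscustomobject]@{
            Time = $e.TimeCreated; DC = $dc.HostName; EventId = $e.Id
            Source = $source; Status = $status
        }
    }
}

# Timeline first, then the sources ranked by how often they appear.
$results | Sort-Object Time | Format-Table -AutoSize
$results | Group-Object Source | Sort-Object Count -Descending | Select-Object Count, Name
```

Reading the fields from the event XML is what lets this work against German-language logs like the one posted further down in this thread.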
Eprs_AdminSystem ArchitectAuthor Commented:
Hi Experts,

I have this security log for you.

Fehler bei der Kerberos-Vorauthentifizierung.

Kontoinformationen:
	Sicherheits-ID:			HBGNB\notdienststo11
	Kontoname:				notdienststo11

Dienstinformationen:
	Dienstname:				krbtgt/hbgnb

Netzwerkinformationen:
	Clientadresse:				::ffff:10.2.1.2
	Clientport:				12335

Weitere Informationen:
	Ticketoptionen:			0x40810010
	Fehlercode:				0x18
	Typ vor der Authentifizierung:	2

Zertifikatsinformationen:
	Zertifikatausstellername:		
	Seriennummer des Zertifikats: 	
	Zertifikatfingerabdruck:		

Zertifikatinformationen werden nur bereitgestellt, wenn ein Zertifikat zur Vorauthentifizierung verwendet wurde.

Vorauthentifizierungtypen, Ticketoptionen und Fehlercodes sind in RFC 4120 definiert.

Wenn das Ticket eine ungültige Form hat oder beim Transport beschädigt wurde und nicht entschlüsselt werden kann, sind viele Fehler dieses Ereignisses möglicherweise nicht vorhanden.

Eprs_AdminSystem ArchitectAuthor Commented:
The IP is my second DC; that I don't understand.
Eprs_AdminSystem ArchitectAuthor Commented:
My account is locked out in nearly 20 seconds.

But why is my 2nd DC listed?
Jeff PerryWindows AdministratorCommented:
I am having trouble with the translation, but I think the general error is that the account is trying to authenticate against your 2nd DC but the Kerberos stored credentials don't match.

This can be caused by a number of issues. I have found this forum post that may help you.

http://stackoverflow.com/questions/4468677/domain-account-keeping-locking-out-with-correct-password-every-few-minutes

Eprs_AdminSystem ArchitectAuthor Commented:
Now we solved it with a new account name but same email address.