kerberos pre authentication failure

Hi Experts,

I have an issue with an user.
The user is at home and logs in via VPN.
The VPN login works but later on the user account in AD is always locked.

Can you explain me why ?
Eprs_AdminSystem ArchitectAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zejburtonCommented:
Most of the time this issue is normally software, email accounts on phones / ipads and other clients that use a network login  that could have an old or the wrong password that make automatic attempts . Make sure of that first as thats often the case!

Have you checked the event viewer security logs at all either? It will normally till you if it is after failed login attempts (and from where if configured properly). (event 519).

Other things that can cache old vpn credentials are viruses (Conficker and the like) - ive had this issue solved before by removing malware from the machine.

Cheers
AmitIT ArchitectCommented:
You need to find the source for account lockout. Using ADlock out tool from MS you can find it, which device or machine causing the lock out. Primary reason is wrong password cached on a device or machine which user forget to change.

Last option is to rename the account in AD. Goto Account tab and append a number at the end, this is a work around, if you are unable to find source machine. Rename won't impact profile. However, user need to use this new id for sign-in to device or machine.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.