Sean Williams

AD Lockout when users' computers resume from sleep

AD environment with Kerberos.  We are noticing an increased level of AD lockouts.  Users are stating this occurs after they wake their computers from sleep or move from one area of the campus to another (via WiFi).  AD account is locked and logs indicate KERBEROS failure.  

Any input on which path to go down?  Once the computer is back up and the AD account is unlocked, the issue will not present itself again until the laptop is woken up again after some time (usually the next day).
Will Szymkowski

What is your password policy set to for the amount of failed login attempts?

Do you have Directory Service Logging Enabled?

Is the machine actually locking out from the machine that was asleep?

Enable Directory Service Auditing
http://www.wsit.ca/how-tos/active-directory/configure-active-directory-auditing/

Also check out Active Directory Auditing by Lepide, which will help you pinpoint where it is locking out exactly.

http://www.lepide.com/lepideauditor/active-directory.html

Will.
Sean Williams

ASKER

-We allow 5 failed attempts within a short time period.

-Service logging is enabled - no source IP or hostname is showing in the events.

-Machine is not locking while asleep - but when it resumes, within a few minutes they lock out

If you have all of the correct logging enabled, it should show where the account is locking out by IP and/or host name. If it does not, then not all of the correct logging has been configured.

Will.
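
The source fields discussed above live in two Security-log events: 4740 (account locked out, which names the caller computer) and 4771 (Kerberos pre-authentication failed, which records the client address). The following is an added example, not code from any poster in this thread, that pulls those fields out of event XML. The function name and the sample events are constructed for illustration.

```powershell
# Added example. The event XML below is constructed sample data, not from the thread.
function ConvertFrom-LockoutEvent {
    param([Parameter(Mandatory)][string]$EventXml)
    $x  = [xml]$EventXml
    $id = [int]$x.Event.System['EventID'].InnerText
    # Index <Data Name="..."> fields by name instead of relying on position.
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.GetAttribute('Name')] = $n.InnerText }
    switch ($id) {
        # 4740: in this event TargetDomainName carries the caller computer name.
        4740 { $kind = 'AccountLockedOut'; $source = $d['TargetDomainName'] }
        # 4771: Kerberos pre-authentication failed; IpAddress is the client,
        # often written as an IPv4-mapped IPv6 address.
        4771 { $kind = 'KerberosPreAuthFailed'; $source = $d['IpAddress'] -replace '^::ffff:', '' }
        default { return }   # not a lockout-related event, emit nothing
    }
    [pscustomobject]@{
        EventId = $id; Kind = $kind; User = $d['TargetUserName']
        Source  = $source; Status = $d['Status']   # 0x18 on 4771 = bad password
    }
}

# Constructed samples (hypothetical user, host and address).
$ns = 'http://schemas.microsoft.com/win/2004/08/events/event'
$lockout = "<Event xmlns='$ns'><System><EventID>4740</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>jdoe</Data>" +
    "<Data Name='TargetDomainName'>LAPTOP-EXAMPLE01</Data></EventData></Event>"
$preauth = "<Event xmlns='$ns'><System><EventID>4771</EventID></System><EventData>" +
    "<Data Name='TargetUserName'>jdoe</Data><Data Name='Status'>0x18</Data>" +
    "<Data Name='IpAddress'>::ffff:192.0.2.25</Data></EventData></Event>"

$lockout, $preauth | ForEach-Object { ConvertFrom-LockoutEvent $_ } | Format-Table -AutoSize

# Live use (assumes the ActiveDirectory module and read access to the DC Security log).
# 4740 is recorded on the PDC emulator; 4771 is recorded on the DC that handled the
# request, so repeat the query against each DC when looking for 4771.
# Get-WinEvent -ComputerName (Get-ADDomain).PDCEmulator `
#     -FilterHashtable @{ LogName = 'Security'; Id = 4740, 4771 } |
#     ForEach-Object { ConvertFrom-LockoutEvent $_.ToXml() }
```

If the live query returns no 4740 or 4771 records, check that the "Audit User Account Management" and "Audit Kerberos Authentication Service" subcategories are enabled on the domain controllers.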
ASKER CERTIFIED SOLUTION
Sean Williams
I found the solution myself