Account keeps getting locked out -- Windows Server 2012

Eric Forman
Eric Forman used Ask the Experts™
on
For some reason I can't seem to locate the exact service or application that keeps locking out a specific account.

Randomly one of our user accounts keeps getting locked out. I have been able to isolate it to being a login directly to one of our domain controllers and the SVCHOST service.

I have used the MS Account Lockout Tools to find the DC and the NetLogon logs to locate the PID of the service; but still can't fix this issue as of yet. I was able to do this with W2k3 & W2k8; not sure why W2k12 is not giving me the same results.

Any help would be appreciated.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
hecgomrecNetwork Administrator

Commented:
Make sure the user doesn't have a local account on the client with the same username but different password.
Look through your services to see if somehow this user was associated with a service as the login account, with a stored password. Once the password is changed, the service attempting to log in with the stored password will log failures and lock the account out.

I don't know for sure that this is what is causing your experience, but it's not clear that you ruled out this possibility.
IT Infrastructure Engineer
Commented:
I think I have it.

My first AD account was broken so it was deleted and recreated.

When I checked the DC in question, the same host that was showing as the lockout source, I was logged in twice; once with each account. I had not noticed this before.

Since my original AD account was still logged into the DC (login names matched), and the "Queue startup items.." task was running as the DC was idle, it locked out my new account.

I'll know for sure tomorrow.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

I always try to avoid deleting AD accounts that have been in use long enough to leave traces. Not always possible and perhaps overly cautious....
Eric FormanIT Infrastructure Engineer

Author

Commented:
Found issue.
CODAdminNetwork Administrator

Commented:
Can you explain what your issue was?  We are having the same issue with several users.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial