
administrator account lockout troubleshooting

Asked by stlhost
Topics: Windows Server 2008, Active Directory
I am stumped as to what is causing the administrator lockout and am open to ideas/suggestions as to what is causing it. Our syslog alerts us when accounts are locked out after a certain number of times. I turned on debugging (nltest /dbflag:0x2080ffff) and installed Netwrix, but I am unable to determine what is causing it.

The debug log says this is coming from this system, yet there are no services that are set to log on as the domain administrator, no mapped drives, and I'm pretty sure it's none of these scheduled tasks:

TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Password expiration report               8/10/2016 7:30:11 AM   Ready

Folder: \Microsoft
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management Disabled
AD RMS Rights Policy Template Management N/A                    Ready

Folder: \Microsoft\Windows\AppID
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
PolicyConverter                          Disabled
VerifiedPublisherCertStoreCheck          Disabled

Folder: \Microsoft\Windows\Application Experience
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AitAgent                                 8/9/2016 2:30:00 AM    Ready
ProgramDataUpdater                       8/9/2016 12:30:00 AM   Ready

Folder: \Microsoft\Windows\Autochk
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Proxy                                    N/A                    Ready

Folder: \Microsoft\Windows\CertificateServicesClient
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SystemTask                               N/A                    Ready
UserTask                                 N/A                    Ready
UserTask-Roam                            Disabled

Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Consolidator                             8/8/2016 6:00:00 PM    Could not start
KernelCeipTask                           8/11/2016 3:30:00 AM   Ready
UsbCeip                                  8/11/2016 1:30:00 AM   Ready

Folder: \Microsoft\Windows\Customer Experience Improvement Program\Server
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ServerCeipAssistant                      8/9/2016 10:57:57 PM   Could not start
ServerRoleCollector                      8/11/2016 12:50:44 AM  Ready
ServerRoleUsageCollector                 8/9/2016 11:47:06 PM   Could not start

Folder: \Microsoft\Windows\Defrag
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ScheduledDefrag                          8/10/2016 1:42:31 AM   Ready

Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CorruptionDetector                       N/A                    Ready
DecompressionFailureDetector             N/A                    Ready

Folder: \Microsoft\Windows\MUI
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
LPRemove                                 N/A                    Ready

Folder: \Microsoft\Windows\Multimedia
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SystemSoundsService                      Disabled

Folder: \Microsoft\Windows\NetTrace
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready

Folder: \Microsoft\Windows\PLA
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.

Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AnalyzeSystem                            8/16/2016 7:34:22 AM   Ready

Folder: \Microsoft\Windows\RAC
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RacTask                                  8/8/2016 3:10:22 PM    Ready

Folder: \Microsoft\Windows\Ras
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MobilityManager                          N/A                    Ready

Folder: \Microsoft\Windows\Registry
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RegIdleBackup                            8/16/2016 12:16:17 AM  Ready

Folder: \Microsoft\Windows\Server Manager
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ServerManager                            N/A                    Ready

Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SvcRestartTask                           Disabled

Folder: \Microsoft\Windows\Task Manager
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Interactive                              N/A                    Ready

Folder: \Microsoft\Windows\Tcpip
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
IpAddressConflict1                       N/A                    Ready
IpAddressConflict2                       N/A                    Ready

Folder: \Microsoft\Windows\TextServicesFramework
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Running

Folder: \Microsoft\Windows\Time Synchronization
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SynchronizeTime                          8/14/2016 1:00:00 AM   Ready

Folder: \Microsoft\Windows\UPnP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UPnPHostConfig                           N/A                    Ready

Folder: \Microsoft\Windows\User Profile Service
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
HiveUploadTask                           Disabled

Folder: \Microsoft\Windows\WDI
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ResolutionHost                           N/A                    Ready

Folder: \Microsoft\Windows\Windows Error Reporting
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
QueueReporting                           N/A                    Ready

Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready

Folder: \Microsoft\Windows\WindowsColorSystem
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Calibration Loader                       Disabled

Folder: \Microsoft\Windows\Wininet
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CacheTask                                N/A                    Running

Roles running on this system are AD, DNS, File services.

These are our domain controller event logs.
http://i.imgur.com/M9xvIO8.jpg
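
The Netlogon debug log that `nltest /dbflag:0x2080ffff` turns on records, for each pass-through logon, the account, the originating machine and the returned status, so failures for one account can be tallied per source. The script below is an added example, not part of the original thread; the sample lines, the `CORP` domain and the machine names are constructed, and the line layout is assumed to match Netlogon's `SamLogon: ... Returns 0x...` entries.

```powershell
# Constructed sample lines in the Netlogon debug log layout (not taken from the post).
$sample = @'
08/08 14:01:12 [LOGON] CORP: SamLogon: Network logon of CORP\Administrator from DC01 Entered
08/08 14:01:12 [LOGON] CORP: SamLogon: Network logon of CORP\Administrator from DC01 Returns 0xC000006A
08/08 14:01:42 [LOGON] CORP: SamLogon: Transitive Network logon of CORP\Administrator from APP07 (via DC02) Returns 0xC000006A
08/08 14:02:12 [LOGON] CORP: SamLogon: Network logon of CORP\Administrator from DC01 Returns 0xC0000234
08/08 14:02:20 [LOGON] CORP: SamLogon: Network logon of CORP\jsmith from WKS11 Returns 0x0
'@ -split "`r?`n"

# NTSTATUS values commonly returned for failed logons.
$statusText = @{
    '0xC000006A' = 'wrong password'
    '0xC0000234' = 'account locked out'
    '0xC0000064' = 'no such user'
    '0xC0000072' = 'account disabled'
}

function Get-NetlogonFailure {
    param([string[]]$Line, [string]$Account = 'Administrator')
    # Groups: 1 time, 2 logon type, 3 domain, 4 account, 5 source, 6 pass-through host, 7 status.
    # The optional [nnnn] field after [LOGON] appears on newer Windows versions.
    $pattern = '^(\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[LOGON\] (?:\[\d+\] )?\S+ SamLogon: (.+?) logon of (\S*\\)?(\S+) from (\S+)(?: \(via (\S+)\))? Returns (0x[0-9A-Fa-f]+)\s*$'
    foreach ($l in $Line) {
        if ($l -match $pattern) {
            $m = $Matches
            # Keep only failures (non-zero status) for the account under investigation.
            if ($m[4] -ieq $Account -and $m[7] -ne '0x0') {
                New-Object PSObject -Property @{
                    Time    = $m[1]
                    Source  = $m[5]          # machine name supplied with the logon request
                    Via     = $m[6]          # server that forwarded it, if any
                    Status  = $m[7]
                    Meaning = $statusText[$m[7]]
                }
            }
        }
    }
}

# Tally failures per source and status; the busiest source is where to look first.
# For a live log: Get-NetlogonFailure -Line (Get-Content "$env:SystemRoot\debug\netlogon.log")
Get-NetlogonFailure -Line $sample |
    Group-Object Source, Status |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

A run of `0xC000006A` entries followed by `0xC0000234` from the same source marks the machine whose stored or typed credential is stale.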