jasonuocs
asked on
Admin account lockout
Hi,
I am running Windows Server 2008 R2 and my domain admin account keeps getting locked out.
I have closed down external RDP and HTTP ports to prevent outside access and I have installed an Account Lockout Examiner on the server. It seems to be coming from the server itself. I have checked and there are no services or scheduled tasks causing the problem.
Does anyone have any ideas as to what else it might be? Any help would be much appreciated.
ASKER
Hi Shaun,
I have already downloaded and run that tool but I didn't find it particularly helpful. It just shows the account is locked out and that it is coming from the IP address of the server itself. Is there another functionality I am missing?
Please post a screenshot
Download Account Lockout Status (LockoutStatus.exe) from the link below. It will show you the time and server where the account is locked.
http://www.microsoft.com/en-in/download/details.aspx?id=15201
If you have recently changed the password, please check whether the administrator user account is being used to run a service, a scheduled task or an application pool.
After you change the password, the same has to be updated in all dependencies.
ASKER
Shaun,
I disabled RDP on that server as it is not needed anyway and that has done the trick. Thank you for your help.
Just a quick query though - do you have any ideas of how we can track down what is trying to login so desperately?
You need to look at the RDP logs to see connections.
Or you can set the firewall to log successes and failures, then look for entries on 3389.
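One way to do the firewall-log check suggested above, as an added example that is not part of the original thread: a PowerShell function that reads lines in the Windows Firewall log format and summarizes TCP connections to port 3389 by source address. The function name `Get-RdpConnectionSummary`, the addresses and the sample log lines are constructed for illustration.

```powershell
# Constructed sample in Windows Firewall log (pfirewall.log) format; not real traffic.
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2015-03-02 10:15:01 ALLOW TCP 192.0.2.44 10.0.0.10 51234 3389 0 - 0 0 0 - - - RECEIVE
2015-03-02 10:15:03 ALLOW TCP 192.0.2.44 10.0.0.10 51240 3389 0 - 0 0 0 - - - RECEIVE
2015-03-02 10:15:04 ALLOW TCP 10.0.0.21 10.0.0.10 49822 445 0 - 0 0 0 - - - RECEIVE
2015-03-02 10:15:09 DROP TCP 198.51.100.7 10.0.0.10 40112 3389 52 S 0 0 8192 - - - RECEIVE
2015-03-02 10:16:30 ALLOW TCP 192.0.2.44 10.0.0.10 51301 3389 0 - 0 0 0 - - - RECEIVE
'@

function Get-RdpConnectionSummary {
    param([string[]]$Lines, [int]$Port = 3389)
    $fields = @()
    $hits = @(foreach ($line in $Lines) {
        if ($line -like '#Fields:*') {
            # Take column names from the log's own header instead of hard-coding positions.
            $fields = ($line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            continue
        }
        if ($fields.Count -eq 0 -or $line -match '^\s*(#|$)') { continue }
        $values = $line.Trim() -split '\s+'
        if ($values.Count -lt $fields.Count) { continue }   # skip truncated lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ($row['protocol'] -eq 'TCP' -and $row['dst-port'] -eq "$Port") {
            New-Object PSObject -Property @{
                Time = "$($row['date']) $($row['time'])"; Action = $row['action']; Source = $row['src-ip'] }
        }
    })
    # One row per source address: attempt count, how many were dropped, first and last seen.
    $hits | Group-Object Source | ForEach-Object {
        $times = @($_.Group | ForEach-Object { $_.Time } | Sort-Object)
        New-Object PSObject -Property @{
            Source = $_.Name; Attempts = $_.Count
            Dropped = @($_.Group | Where-Object { $_.Action -eq 'DROP' }).Count
            First = $times[0]; Last = $times[-1] }
    } | Sort-Object Attempts -Descending | Select-Object Source, Attempts, Dropped, First, Last
}

Get-RdpConnectionSummary -Lines ($sample -split '\r?\n') | Format-Table -AutoSize
```

On a server with firewall logging enabled, pass the log's lines with `Get-Content` instead of the sample; the default log location is `%SystemRoot%\System32\LogFiles\Firewall\pfirewall.log`.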
ASKER
Fantastic - Thanks Shaun for your help
After that run it and point to server that generates lockouts
NetWrix Account Lockout Examiner
In this example I locked an account on purpose from the console (CMD.exe)