We help IT Professionals succeed at work.

AD Account lockout

Donna H
Donna H asked
on
11 Comments
4 Solutions
368 Views
1 Endorsement
Last Modified: 2017-04-10
I have a user that is getting repeatedly locked out of his Active Directory account.  I have checked his mobile phone and removed and re-added the exchange account with the correct credentials.  I have run rundll32.exe keymgr.dll, KRShowKeyMgr --  and removed all cached credentials.  I have deleted the cached passwords from Internet Explorer.  I have checked for any mapped drives and I have removed and re-added the Outlook profile.  

I h ave also downloaded and ran the lockoutexaminer.  This shows the orig. lock as one of our domain controllers.  

I have checked the security event log on the DC for event  4740 and it shows the lockout and the caller computer name is our Exchange server.

The lockouts started happening after the last password change.  I also tried changing the password back to the original password,but that did not help either

The lockout appears to occur at regular 15 minute intervals.  

Is there anything else I can check to find the source of the account lockout?

Thanks
Comment
Watch Question

View Solutions Only

Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019

Commented:
Jeff GloverSr. Systems Administrator
CERTIFIED EXPERT

Commented:
Perhaps searching the IIS logs on your Exchange server will point you in the right direction.Perhaps he has an iPad or some other thing configured and forgot. I would search the logs for his logon name and see what is trying to use ActiveSync.
Donna HSr. Manager of IT

Author

Commented:
Thanks Shaun.

I ran the event comb but I didnt get any results.  I am checking the rest of the solutions in your article.
Donna HSr. Manager of IT

Author

Commented:
Thanks Jeff,

I will try checking the IIS logs on the Exchange server.
Tech Lead
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
compdigit44
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Shaun VermaakSenior Consultant
CERTIFIED EXPERT
Awarded 2017
Distinguished Expert 2019
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
Jeff GloverSr. Systems Administrator
CERTIFIED EXPERT
Commented:
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)
UNLOCK SOLUTION
compdigit44

Commented:
You could also try to install Network Monitor on your DC's unlock  the account then start the captures  as a last resort
Donna HSr. Manager of IT

Author

Commented:
Shaun,  I have enabled auditing on the client workstation and auditing is turned on for the DC and Exchange servers
Donna HSr. Manager of IT

Author

Commented:
Compdigit,

ran psexec,  results showed Currently stored credentials as * NONE*

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions