User login to a workstation locks a different user's AD account

Ok, here's a weird one. Just started happening yesterday (after updates were applied over the weekend?):

User A is assigned to workstation A (which is a Windows 10 workstation). When she leaves for lunch, User B logs onto her workstation to assist customers while User A is at lunch. When User A comes back from lunch and attempts to login to her workstation, she is getting notified that her account is locked out.

I check AD Users and Computers and find User B's account is locked but not User A. I advise User A to reboot the workstation and she can now login. I verified that she was logging in by entering her password for her own user ID - actually watched her enter her password under her User ID, but it is recording login attempts against User B's account.

This happened yesterday and again today. I have other workstations which users share, substituting for each other during lunch breaks but have not received any reports of this type from other users.

I've done a couple of preliminary Google searches but I'm not finding anything similar. My first thought is to delete User B's profile off the workstation since he's not the primary user on that workstation anyway. I'm hoping I don't have to also delete and rebuild User A's profile.

Anyone else seen anything like this and have any suggestions?
Rochelle AdsittIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
Does B log out properly when B is finished?  

If B uses C's computer, does the same thing happen?

In answer to your question, no, I do not see this, and yes, it appears to be profile issue.
0
Rochelle AdsittIT DirectorAuthor Commented:
Today User A reported that User B did log off of her computer but it didn't make any difference.

I haven't had User B try other computers yet. I might do that later on this afternoon.
0
McKnifeCommented:
Clear the cached credentials. Let the user open network credential manager and look for credentials of the other user - those could be simply outdated and no longer valid.
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Rochelle AdsittIT DirectorAuthor Commented:
Yes, User B logged onto User C's computer and it caused the same problem for User C - she had to reboot in order to login on her workstation.

Checked Credential Manager for both User A and User C - didn't see anything related to User B in there.

User B also logged onto workstation D and while he was still logged on, I did a "switch user" and logged on with my non-privileged ID - no problem.
0
JohnBusiness Consultant (Owner)Commented:
Something appears to be wrong with B's Profile. Also did you try McKnife's suggestion?  And, try deleteing B's Profile the workstations.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rochelle AdsittIT DirectorAuthor Commented:
I've deleted User B's profile off of User A's computer, had User B log back in and create a new profile, and then locked the workstation and had User A log back in again - so far, so good.

So odd that User B's profile would cause problems on the 2 computers at the same time. And makes me wonder if I still have a potential intrusion risk in place as a result of a breach we had late last year in which this user's account appeared to have been peripherally involved.
0
JohnBusiness Consultant (Owner)Commented:
B may have had a virus going to dodgy places. But you now know what the issue was.
0
Naveen SharmaCommented:
May be due to processes on the client computers, programs that may pass user credentials to a centralized network program. Mobile device / BYOD or Virus.

Refer for more: Active Directory -Troubleshooting Frequent Account Lockout:
https://social.technet.microsoft.com/wiki/contents/articles/23497.active-directory-troubleshooting-frequent-account-lockout.aspx

You can use Account Lockout Status (LockoutStatus.exe) from Microsoft which is a combination command-line and graphical tool that displays lockout information about a particular user account. Also, you can enable auditing on your default domain policy to track it. Else, try active directory auditing solution which lets you the root cause of account lockouts faster and easily.

Troubleshooting account lockout the PSS way:
https://blogs.technet.microsoft.com/instan/2009/09/01/troubleshooting-account-lockout-the-pss-way/
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.