Link to home
Start Free TrialLog in
Avatar of TechGuy_007
TechGuy_007Flag for United States of America

asked on

User's AD account becomes locked out as soon as they connect to their terminal server, only on one specific computer.

I have a user who becomes locked out after signing into their terminal server through RDP, but only on their computer. I've cleared out all saved credentials on her local computer, and found none within the terminal server itself. I've tried logging in using her credentials on a different computer and she does not become locked out. I've confirmed she becomes locked out after 0 apparent failed login attempts. Also, upon unlocking, she immediately becomes locked again if she is still signed into the terminal server. User is on Windows 10 Pro connecting to Microsoft Windows Server 2016 Standard x64. They are connecting through a VPN.
Avatar of Robert
Robert
Flag of United States of America image
The first thing to check is look at the event log on the DC's and see why the account is being locked out. (the event provides a reason code)
It will also indicate where the lockout is coming from (ip address)
Another thing is to do is be sure to check the server and PC for malware / viruses.
Avatar of TechGuy_007
TechGuy_007
Flag of United States of America image

ASKER

I'm seeing the events indicating the account was locked out (ID 4740) but no further information on why. Could you elaborate on this reason code?
Avatar of Robert
Robert
Flag of United States of America image
Sorry I was thinking wrong 4070 doesn't include reason code. I should however include the source PC to identify where it was coming from then you can look at that machines log to help narrow it down further. 
Avatar of TechGuy_007
TechGuy_007
Flag of United States of America image

ASKER

I have confirmed it is the user's PC which is locking the account out per this event log. I'm going to try having the user test onsite if possible to exclude the VPN as a factor, and also try logging into the terminal server on her computer from an account besides her own.
Avatar of TechGuy_007
TechGuy_007
Flag of United States of America image

ASKER

After trying and testing many different things, we eventually created the user a new instance of their AD profile on the computer, which has resolved the issue. Very curious what it was about the profile that was causing the constant lockouts though.
Avatar of TechGuy_007
TechGuy_007
Flag of United States of America image

ASKER

So, how do we mark a question as completed? I see a way to mark another user's comment as the solution, but not my own.
ASKER CERTIFIED SOLUTION
Avatar of Robert
Robert
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial