Hi Justin,
I have a user, who is not logged in anywhere else, and while surfing the web or access a program is getting locked out of her account for no reason. I have checked the logs on all three domain controllers and nothing is showing a failed logon attempt or bad password. It doesn't even show when the account got locked. Any ideas on how to rectify this?
Is the lockout on the user's workstation, or on the domain? i.e., how can you tell that there is a lockout (what's the symptom)? Does the user have a mail client open (e.g., Outlook or similar)? Is the user logged in from multiple workstations at the same time? Did the user call the help desk to change passwords, or use a web-based password reset program, while logged in to Windows? Are you sure the user is not logged into the domain when this happens? Is the user connected to a VPN when this happens? Answers to these might help track down your problem.. :-) -- Idan Shoham Chief Technology Officer M-Tech Information Technology, Inc. [EMAIL PROTECTED] http://mtechIT.com **************************************************************************** Sign-up for M-Tech's winter training sessions: P-Synch: January 8--12, 2007 || ID-Synch: January 15--19, 2007 To register, please visit: http://mtechIT.com/education/ **************************************************************************** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. **************************************************************************** On Tue, 19 Dec 2006, Salandra, Justin A. wrote:
That is just the thing, no event IDs exist for the account lockout on any DC even though I have Auditing turned on. This is why it is a strange lockout. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond Sent: Monday, December 18, 2006 3:39 PM To: [email protected] Subject: RE: [ActiveDir] Strange Lock Out Issue Eventcombmt the DCs for whatever the lockout ID is also works. Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN Sent: Monday, December 18, 2006 2:50 PM To: [email protected] Subject: RE: [ActiveDir] Strange Lock Out Issue Download the Account Lockout and Management Tools from Microsoft. More specifically, from the downloaded EXE, extract the LockoutStatus.EXE file and use it to query for the user account that is having issues. It will tell you how many bad password attempts have been made, what time/date the lockout occurred, and on what DC. Furthermore, you can directly manage the Domain Controller from the tool and pull up the event viewer to look for the security entry pointing you to the source of the bad credentials. It's always worked like a charm for me when dealing with issues like these. Good luck, ~Ben From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, Justin A. Sent: Monday, December 18, 2006 11:35 AM To: [email protected] Subject: [ActiveDir] Strange Lock Out Issue I have a user, who is not logged in anywhere else, and while surfing the web or access a program is getting locked out of her account for no reason. I have checked the logs on all three domain controllers and nothing is showing a failed logon attempt or bad password. It doesn't even show when the account got locked. Any ideas on how to rectify this? Justin A. Salandra MCSE Windows 2000 & 2003 Network and Technology Services Manager Catholic Healthcare System 646.505.3681 - office 917.455.0110 - cell [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/
