Is the lockout on the user's workstation, or on the domain? i.e., how can you tell that there is a lockout (what's the symptom)? Lockout is on the domain, we have a web filter that requires authentication and when the account is locked out, the access denied page pops up on the Internet.
Does the user have a mail client open (e.g., Outlook or similar)? Yes, Outlook 2003 Is the user logged in from multiple workstations at the same time? She has in the past, but the past few times no. Did the user call the help desk to change passwords, or use a web-based password reset program, while logged in to Windows? NO Are you sure the user is not logged into the domain when this happens? She is in the domain when this happens Is the user connected to a VPN when this happens? NO Answers to these might help track down your problem.. :-) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, December 21, 2006 11:36 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Strange Lock Out Issue Hi Justin, > I have a user, who is not logged in anywhere else, and while surfing the > web or access a program is getting locked out of her account for no > reason. I have checked the logs on all three domain controllers and > nothing is showing a failed logon attempt or bad password. It doesn't > even show when the account got locked. Any ideas on how to rectify > this? Is the lockout on the user's workstation, or on the domain? i.e., how can you tell that there is a lockout (what's the symptom)? Does the user have a mail client open (e.g., Outlook or similar)? Is the user logged in from multiple workstations at the same time? Did the user call the help desk to change passwords, or use a web-based password reset program, while logged in to Windows? Are you sure the user is not logged into the domain when this happens? Is the user connected to a VPN when this happens? Answers to these might help track down your problem.. :-) -- Idan Shoham Chief Technology Officer M-Tech Information Technology, Inc. [EMAIL PROTECTED] http://mtechIT.com ************************************************************************ **** Sign-up for M-Tech's winter training sessions: P-Synch: January 8--12, 2007 || ID-Synch: January 15--19, 2007 To register, please visit: http://mtechIT.com/education/ ************************************************************************ **** The information in this email is confidential and may be legally privileged. It is intended solely for the addressee. Access to this email by anyone else is unauthorized. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. ************************************************************************ **** On Tue, 19 Dec 2006, Salandra, Justin A. wrote: > That is just the thing, no event IDs exist for the account lockout on > any DC even though I have Auditing turned on. This is why it is a > strange lockout. > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond > Sent: Monday, December 18, 2006 3:39 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Strange Lock Out Issue > > > > Eventcombmt the DCs for whatever the lockout ID is also works. > > > > Thanks, > > Brian Desmond > > [EMAIL PROTECTED] > > > > c - 312.731.3132 > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of WATSON, BEN > Sent: Monday, December 18, 2006 2:50 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Strange Lock Out Issue > > > > Download the Account Lockout and Management Tools from Microsoft. More > specifically, from the downloaded EXE, extract the LockoutStatus.EXE > file and use it to query for the user account that is having issues. > > > > It will tell you how many bad password attempts have been made, what > time/date the lockout occurred, and on what DC. Furthermore, you can > directly manage the Domain Controller from the tool and pull up the > event viewer to look for the security entry pointing you to the source > of the bad credentials. > > > > It's always worked like a charm for me when dealing with issues like > these. > > > > Good luck, > > ~Ben > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Salandra, > Justin A. > Sent: Monday, December 18, 2006 11:35 AM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Strange Lock Out Issue > > > > I have a user, who is not logged in anywhere else, and while surfing the > web or access a program is getting locked out of her account for no > reason. I have checked the logs on all three domain controllers and > nothing is showing a failed logon attempt or bad password. It doesn't > even show when the account got locked. Any ideas on how to rectify > this? > > > > Justin A. Salandra > > MCSE Windows 2000 & 2003 > > Network and Technology Services Manager > > Catholic Healthcare System > > 646.505.3681 - office > > 917.455.0110 - cell > > [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
