We have a Active Directory account that repeadily gets locked out. This happens every hour after unlocking the account. In the Security Event log under Client Address rather than the usual IP Address or the machine name where the incorrect login is coming from it has the 172.0.0.1 address. Any help in resolving this would be appreciated.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Account Lockout
- Thread starter jdwalz
- Start date
I had a similar problem recently where a users account was constantly being locked-out. I tracked the problem by having the user sign-on and monitoring when his account got locked-out and what he was doing at the time.
I found that this occured when he opened Word. He had a network printer mapped to a printer in another domain which he didn't have the correct password entered for his logon account.
After deleting a re-creating with his correct password the lockouts ceased.
Your user may have something similiar.
Check for connected printers etc where he would have had to enter his account and password to connect.
Hope this helps.
I found that this occured when he opened Word. He had a network printer mapped to a printer in another domain which he didn't have the correct password entered for his logon account.
After deleting a re-creating with his correct password the lockouts ceased.
Your user may have something similiar.
Check for connected printers etc where he would have had to enter his account and password to connect.
Hope this helps.
Teknoratti
Technical User
Class B range.
I would say to recreate the user account and try again.
Could you post the entry of the event log?
I would say to recreate the user account and try again.
Could you post the entry of the event log?
- Thread starter
- #4
The user is not even logging on with this account anymore. We had to create a new one for him. Here is the event that keeps happening:
Pre-authentication failed:
User Name: ghricz
User ID: SASKFERCO\ghricz
Service Name: krbtgt/SASKFERCO
Pre-Authentication Type: 0x2
Failure Code: 0x12
Client Address: 127.0.0.1
Pre-authentication failed:
User Name: ghricz
User ID: SASKFERCO\ghricz
Service Name: krbtgt/SASKFERCO
Pre-Authentication Type: 0x2
Failure Code: 0x12
Client Address: 127.0.0.1
Download the Account Lockout Toolkit from Microsoft. [URL unfurl="true"]http://www.microsoft.com/downloads/details.aspx?FamilyID=7AF2E69C-91F3-4E63-8629-B999ADDE0B9E&displaylang=en[/url]
It allows you to bring up text based logs from the DC's showing logons and logoffs and lockouts. It will also show you subnets that have not been defined in Sites and Services in your AD.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
It allows you to bring up text based logs from the DC's showing logons and logoffs and lockouts. It will also show you subnets that have not been defined in Sites and Services in your AD.
PSC
Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
Thanks guys/gals for your post on this.
I had a similar situation this morning with a user. This post helped me out. The alock tool worked great for debugging.
I was able to get the account working again by restarting my exchange server in the domain. Something on that server was locking this users account, virus??? I did quarantine about five files last night on that server.
After a restart everything returned to normal. Typical Windows.. If only cars were so easy, shut down, get out, get back in, starts right up!!!
"If the only prayer you said in
your whole life was, 'thank you,'
that would suffice."
-- Meister Eckhart
I had a similar situation this morning with a user. This post helped me out. The alock tool worked great for debugging.
I was able to get the account working again by restarting my exchange server in the domain. Something on that server was locking this users account, virus??? I did quarantine about five files last night on that server.
After a restart everything returned to normal. Typical Windows.. If only cars were so easy, shut down, get out, get back in, starts right up!!!
"If the only prayer you said in
your whole life was, 'thank you,'
that would suffice."
-- Meister Eckhart
I think you will find that is called NetWare 
--------------------------------------------------------------------------
"Who is General Failure and what is he doing on my computer?"
--------------------------------------------------------------------------
--------------------------------------------------------------------------
"Who is General Failure and what is he doing on my computer?"
--------------------------------------------------------------------------
Make sure they dont have any services running under their name and remap their mapped drives.
---------------------------------------
- Submit your sites free to our directory.
---------------------------------------
- Submit your sites free to our directory.
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question