
Accounts Continuously Locked Out

Status
Not open for further replies.

networkmgr

IS-IT--Management
Apr 25, 2002
5
US
I have a W2K network, all servers and clients are W2K. Every day users' accounts are locked out before they even arrive for work. Some people it happens to every day, many times throughout the day. Other people it happens to for about a week after they change their password. The event log is showing errors logging in because the account is locked out. But why are they getting locked out?
 
Have you tried looking into the password expiration ?
The passwords may expire in a certain time period.
 
Are you running virus protection on the server? I had a similar problem and it was my virus protection.
 
We have our passwords expire every 60 days. That is when users change their password and are locked out every day for about a week (sometimes longer for other users). There are some users that have been locked out everyday for the past 2 months. We are running virus scan, Norton Antivirus, but I don't see how that could cause the problem.
 
Could it be there are scheduled tasks running as a user with the old password?
 
I've seen this a million times. You need to make sure that when you change a user's password that they're not logged in anywhere else on the network and have a drive mapped. The account will lock out immediately, and constantly, even after unlocking it. Any mapped drives still connected when the user changes the password will force the account to use its old password, thus locking the account out. Definitely check on this. I can't tell you how many times I've asked a user if they were logged in anywhere else on the network or had another machine that had mapped drives when they changed their password and they say NO. They're wrong...have a looksie!
 
Tek and Tom are both correct, and if I may add, if you have multiple DCs, check replication between them. I've seen situations where an account can be unlocked on one DC, and the user authenticates against another one that wasn't updated, and gets locked out again. Same thing with password changes...
 
I can see the password change affecting it. But what about people who haven't changed their password? I have been there when they get locked out and they are not putting their password in wrong. Also, their login script maps the drives for them, so they don't even get mapped anywhere until after they log in. As far as Event Viewer goes, I have tons of messages. I have looked them up and a couple of them are known problems that Microsoft has a hotfix for. When I try to get the hotfix they want me to put the call on a credit card. I can't seem to get a live person.
 
Turn up auditing on the DC and check the event logs for security event 644. As an aside, do you use Outlook Web Access?
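The advice above (raise auditing on the DC, look for the lockout event, then hunt for the machine holding a stale credential such as a mapped drive or scheduled task) is what an administrator would script today. The following is an added example, not code from the thread or from any poster; it assumes a modern domain controller (Windows Server 2008 or later with PowerShell 3+), where the Windows 2000 lockout event 644 has become Security event 4740, whose record names both the locked account and the "caller" computer that sent the bad password. It also assumes the "Audit User Account Management" policy is enabled and that the script runs with administrative rights; the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the thread): find which machines are locking accounts out.
# Security event 4740 is the successor of the W2K event 644 discussed above.
# Assumptions: run on a DC as an administrator, PowerShell 3+, lookback window of 24 h.

$Hours = 24
$since = (Get-Date).AddHours(-$Hours)

$lockouts = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4740
    StartTime = $since
} -ErrorAction SilentlyContinue | ForEach-Object {
    # 4740 EventData order: [0] TargetUserName (locked account),
    #                       [1] TargetDomainName (the caller computer name)
    [pscustomobject]@{
        Time    = $_.TimeCreated
        Account = $_.Properties[0].Value
        Source  = $_.Properties[1].Value
    }
}

# An account locked repeatedly from the same machine points at a stale credential
# on that machine (mapped drive, scheduled task, lingering OWA/web session).
$lockouts |
    Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# On each suspected source machine, list scheduled tasks that still run as one of the
# locked accounts; such a task keeps presenting the old password after a change.
foreach ($src in ($lockouts.Source | Sort-Object -Unique)) {
    schtasks.exe /Query /S $src /V /FO CSV 2>$null |
        ConvertFrom-Csv |
        Where-Object {
            # strip a DOMAIN\ prefix before comparing with the account name from 4740
            $lockouts.Account -contains ($_.'Run As User' -replace '^.*\\', '')
        } |
        Select-Object @{ n = 'Computer'; e = { $src } }, TaskName, 'Run As User'
}
```

The first table is the one to read first: a single account locked many times from one computer is almost always that computer's cached password, not a user typing it wrong. Mapped drives and interactive sessions on the source machine are not visible from the DC, so once the machine is known, log on there (or have the user log off it) and reconnect the shares with the new password.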
 
Some of our users have Outlook Web access. Also, I am not getting any 644 events but lots of 676, 565, 675, 677, and 681. I have tried looking these up and all I get is either that the user is locked out (and I already know that) or no information is available.
 
Yeah, the reason I ask about the OWA is that I recall someone telling me about a problem similar to yours and it turned out to be the OWA server attempting authentication for the users' IDs even after they'd logged out. They had to restart that server to fix it. In any case, all those 600 events indicate a piece of the failed logon process. It sure looks like there's some unknown object in your domain trying to authenticate users. What hotfixes is MS holding out on?
 
I looked through some of my messages and I got an unknown Kerberos error. So I enabled Kerberos logging and restarted my computer and this is the event I received:
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 4/30/2002
Time: 2:44:31 PM
User: N/A
Computer: OPSDC03
Description:
The function InitializeSecurityContext received a Kerberos Error Message:
on logon session
Client Time:
Server Time: 18:44:31.0000 4/30/2002 (null)
Error Code: 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN
Client Realm:
Client Name:
Server Realm: FIRSTPENNBANK.COM
Server Name: krbtgt/
Target Name:
Error Text:
File:
Line:
Error Data is in record data.
 
Don't know if this matters, but is the 'krbtgt' account listed in AD Users and Computers? It should be listed and disabled (default). Also do you have any group policies running? Make sure there aren't any broken GPs, AD links, or missing folders under the SYSVOL folder.
 