Domain account locked

Status
Not open for further replies.

billybarty

Technical User
May 3, 2002
251
CA
One of our users that is contained in an AD group that is local admin on our SQL server gets his Domain account locked every time he logs onto the SQL server. Is there any way I can tell why his account is getting locked when he logs onto SQL?
 
What is your lockout policy?

Is this successful logins or just any time he tries?

The issue is that something is trying to log in with his username somewhere on the SQL server, assuming this is the only place it happens. Is it only the one SQL machine or are there others too?

If you have the security audit level to log failures, it should probably be showing up there.
 
The domain policy is to lock the account after 6 unsuccessful attempts. He is always able to log onto the domain as well as the SQL server with his AD account. It's after he logs onto the SQL server that his AD account locks. It is only happening on this one SQL server and I have just turned logging on for failures and will review them once he logs on again.
 
I had the user log onto the enterprise manager and access the sql server that locks his account and it locked after a couple of minutes. Nothing appeared in the security logs in the enterprise manager to indicate a logon failure. I've disconnected and reconnected his drives as well. He mentioned there is a metadata connection to a system that doesn't exist anymore. Would this connection be using an old password and giving him the problem? Thanks
 
Is auditing turned on for SQL Server? If it is, check the SQL Server Error logs. See if there are entries for the user. If it's not turned on, turn it on. (Right click on the server, select properties, go to security tab).

Are there any messages in the Windows Event Viewer logs (application, security, system)? Check on the machine being used, the SQL Server, and the Domain Controller.

I had an issue with a client trying to map the network to SQL Server and that caused multiple login attempts.

-SQLBill
 
Auditing is turned on in SQL and there have been no entries with his logon name even after his account gets locked. There are no security audit failures for his username in the security logs on his machine, the SQL server or the domain controller. If he connects to the SQL server through remote desktop his account doesn't get locked. Should there not be a logon failure record on the domain controller when his account gets locked or is there another way his account can get locked?
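
The domain controller log check discussed in this thread, as an added example that is not part of any post: it lists the lockout and failed-authentication events recorded for one account on a domain controller, together with the machine each attempt came from. Assumptions: domain controllers running Windows Server 2008 or later (event IDs 4740, 4771, 4776), failure auditing enabled for account logon and account management, and placeholder values for the domain controller and user names.

```powershell
# Added example, not from the thread. Needs rights to read the DC's Security log.
param(
    [string]$DomainController = 'DC01.example.local',  # placeholder name
    [string]$User             = 'jdoe',                # placeholder account
    [int]$Hours               = 24                     # how far back to look
)

$start = (Get-Date).AddHours(-$Hours)

# Turn one event record's <EventData> into a name/value hashtable.
function Get-EventFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) {
        $fields[$d.Name] = $d.'#text'
    }
    $fields
}

# 4740 = account locked out
# 4771 = Kerberos pre-authentication failed
# 4776 = NTLM credential validation (logged for success and failure)
$records = Get-WinEvent -ComputerName $DomainController -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Security'; Id = 4740, 4771, 4776; StartTime = $start }

$records | ForEach-Object {
    $f = Get-EventFields $_
    if ($f.TargetUserName -ne $User) { return }               # other accounts
    if ($_.Id -eq 4776 -and $f.Status -eq '0x0') { return }   # NTLM successes

    # Each event type names the originating machine in a different field.
    $source = switch ($_.Id) {
        4740 { $f.TargetDomainName }   # shown as "Caller Computer Name"
        4771 { $f.IpAddress }
        4776 { $f.Workstation }
    }
    [pscustomobject]@{
        Time   = $_.TimeCreated
        Id     = $_.Id
        Source = $source
        Status = $f.Status             # failure code; empty for 4740
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Run it against each domain controller, since a failed attempt is logged on the controller that processed it, while the 4740 lockout event is reliably found on the PDC emulator.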
 