Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Locked out domain account

Status
Not open for further replies.

Kiwica

IS-IT--Management
Feb 26, 2003
102
US
Hi Everyone, this may not be the right forum for this thread (probably an AD issue) but Ill start here anyway.
I am running a network with server 2012 DCs and file servers, with clients all Win 7 Pro machines. Over the last few weeks my domain account ( I have domain admin privileges) has been getting locked out. I walk away from my pc and when I come back and Ctrl/Alt/Del to unlock the screen and get back to my password screen, there is the message " The referenced account has been locked out". Then go to my logon server and check the "unlock" button on my account and then I can log back in until next time.

The message and the actions are the same for a user that tried to put the wrong password in and got locked out. I thought perhaps maybe there was some outside hacking attempt, but the firewall is secure so I'm sure there's no intrusion. There is nothing in the event logs referring to this either. A forum suggested that this could happen when using DES encryption and to turn it off but I'm not using DES. The account with lock even if Im in it and using it, and then I'll discover the lockout when I go to access a network resource.

I've changed passwords and it make no difference. I'm also the only account that's experiencing this.

Any suggestions would be greatly appreciated

Cheers

"Have you ever imagined a world with no hypothetical situations?
 
Have you perhaps created a service that is running under your account?
 
No services other than any that may have been added as part of MS default OS install. One thing I forgot to mention. After Im locked out and I go to AD on the server to unlock the account, when I get back to my pc theres a windows logon reminder saying "windows needs my current credentials" and has me ctrl/Alt/Del to lock it and then unlock it again.

"Have you ever imagined a world with no hypothetical situations?
 
Not sure offhand how to test it, but is it possible someone inside your organization is trying to login as you? Any way to see where login origination locations?

"But thanks be to God, which giveth us the victory through our Lord Jesus Christ." 1 Corinthians 15:57
 
Ugh... I found a policy in the firewall that was out of place. I usually have my pc set to allow rdp only from a specific public ip address. At some point I had created a temp policy to allow login from ALL, and I missed it when looking at my firewall rules.

So it was Ahole Hackers trying to gain access. I killed the policy and everything stopped....
I'm such an idiot, but fortunately no access was gained and lesson learnt.

"Have you ever imagined a world with no hypothetical situations?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top