Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Mysterious Auto Locking of accounts

Status
Not open for further replies.

meby

IS-IT--Management
Dec 1, 2003
43
I am running Exchange 2000 on a W2k box. It has recently decided to start locking out user accounts. This morning I went through and manually unlocked all the account on the server and about 15-30 minutes later they were locked again. Has anyone experienced this before? Any ideas?

Mark
 
bump...nothing?
 
I have experienced something like, but the cause has not been Exchange (Terminal Services and Scheduled Tasks)

Have you examined the Security logs of your DCs to determine what system is causing the lockout? I try to start with the DC with the PDC Emulator role, since, in AD, this server is always checked last before denying an authentication request.
 
i had that problem when i first implemented password expiration on our domain. i kept fiddling with the policies and it finally went away.
 
Is your exchange server behind a firewall?. I had someone trying to crack into our mail server and kept locking out accounts. Set security on logins to maximum and check your security log in event viewer.

Nick
 
Have you checked your log files to see where the access' are coming from?

I'm Certifiable, not certified.
It just means my answers are from experience, not a book.
 
I had the exact same problem and it was an attempted brute-force password attack.
 
Check the clients for antivirus disabling accounts as well
 
Are your Outlook users having to manually type in their password to authenticate to Outlook? If so, be aware that Outlook submits your password 3 times 'behind the scenes' even when you only type it in once. Therefore if your user gets the password wrong once and your account lockout threshold is 3...there's your problem!

Adrian.
Adrianwheway@hotmail.com
 
I had problems when a user was logged on to more than one workstation at a time. Then they would get prompted to change their password, which they would do on one workstation. Then they would forget to log off of the other workstation. This would cause the account to lock out continually. There is a tool in the W2K resource kit for tracking where users log on that I implemented, which helped to prove to users that they were indeed logged onto another station. You can also limit the amount of concurrent logons.

This is a daunting task when you have hundreds or thousands of workstations.

The problem with this is that you have to find the workstation they are logged onto. Otherwise the account will continually lock out. I even tried deleting the account and re-creating it.

Hope this helps.

/m
 
Thanks everyone for your help. The problem seems to have disappeared. That leads me to believe that it was some sort of hacking/probing attempt. I'll do a little more research to confirm. Thanks again.

Mark
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top