Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

user constantly locked out

Status
Not open for further replies.

brettums

IS-IT--Management
Dec 27, 2000
121
US
A user on my network constantly gets locked out for no apparent reason. I'm usung 5 timeout trys if a user does not know their password. However, this user puts in their password once, and then bang. they are imediatly locked out. What do you suggest I do about this?

Please advise

thanks
-Brett
 
I would first check to see if that logon is being used for any automatic operations like anti-virus updates. Sometimes a user account is used that will start failing once the password is changed and then it will lock out the account due to excessive attempts.

Justyn Worrell
MCP, MCSE, MCT, CCA, CCEA, CCI
SCSA, CCSA, CCSE, CCNA, AANG-UP
 
no, this user is not starting any services. If any are starting it would be only local to his machine. Should I check services on the local machine as well? (I mean they are not starting on any server services)

-Brett
 
If you enable security logging, you can then check in the event viewer on the server to see where the login attempts are comming from.
 
Keeping in mind what justyn said, also look for permanent drive mappings. These can lock you out pretty quickly after a password change.
 
I have sort of the same issue.
try having them logon from a different machine.
 
I found the fix for this!

I turned on auditing for the weekend, the user has two machines on the network. He NEVER logged out of the other machine. While not logged out, he changed his password, and the machine still logged in (w/ old password) was erroring out and that was why his account kept on locking out.


For ounce auditing worked for me.
 
Great to know.. however I have the same problem. We recently upgraded to Windows 2000 from NT so the domain is 'Fresh' and the expiration time for passwords has not even come up. Users claim that they are shutting down their pc's normally at the end of the day. However, randomly the passwords are getting locked out... of course I am assuming they are telling me the truth and that the reality isn't that they Fat-Fingered their password 3 times (our policy). In Event Viewer it just says Account Locked out..and then we go ahead and unlock.. can we keep this post going? I would also like to know of other possible ways to solve this.
 
Im with FrauW on this one... I havent changed any passwords and the users are Authenticated but are randomly being locked right afterwards, the logs will fill up with over two hundred hits sometimes! Could it be that I have NT4 as my PDC (soon moving to AD) and a 2k server as a BDC/File server? I also have a SQL2k,ISA2k,TS NT4 and Exchange 5.5 on NT running. 99% of the workstations are win98
This is driving me nuts!

 
OK.. back to solving the problem. I am also not turning off account lockouts as my orders for group policies come from the 'big wigs' and I am not about to argue with them. sneekn did you find anything? The main difference between your problem and mine is that my system is entirely on Windows 2000 i.e. all domain controllers are on Windows 2000 Server O/S. All client PCs are on Windows 2000.
 
I'm thinking it's trying to authenticate a resource and failing... Does anyone run SMS or have in the past and taking it offline?? or Is your DNS on a different server than Authentications??

We have been slowly implementing new servers and our file server was the first to be replaced with 2k (which is our DNS for now)We are about to upgrade to AD and everyone here thinks this issue will just dissapear after the upgrade...

Thank you for the white papers...

Also one of my guys suggested a corrupted sam file? but I have reimaged computers with this problem and it returned...
 
Hmnn... the problem is so random. But I do have 2 DNS Servers in the 4 DC environment. All point to the same primary DNS for authentication and the same secondary one. Maybe it's a glitch when the server receives simultaneous authentication requests and somehow doesn't redirect to the 2nd DNS (?????).

I need to actually watch the problem a bit and note the times and what was going on the environment to cause the prob. These suggestions will definitely be of use. :)
Thanks!
 
If you have 2 DNS servers, these servers should be pointing to themselves for the primary lookup and somewhere else - usually your ISP - for secondary.
 
Good trail here...Just caught wind of this myself. My situation is there are at least 2 accounts constantly getting locked out. I reset them, last a little while and they cal back...driving me nuts! Found a correlation (at least in time) between the logs on our w2k DC/DNS/DHCP security logs and that of our w2k/xchg2k msg server. Do you think it could be DNS registration related. I need to check these clients' reg settings more L8R...One more note on the event logs is that it isn't consistent...sometimes it logs bad passwords an others just...bam locked out...any ideas?
 
I had this same problem - a user a soon as he logged on his account became locked. I blew away his profile and it has seemed to resolve the issue.
 
Cool...thanks for the feedback...did the issue ever return?The difference here is that my user(s) are experiencing this mid-stream...they are logged in check outlook for example (touch netbios) and Bam! Done.I'll give the local profile a whirl on a user at this site. be back soon. Thanks again
 
Hi There. The latest thing that I can see is that for remote persons (via VPN) thier local cached profile is not not updated...found by trying to change it from the remote end and tryin it while connected to the LAN. Does anyone know of a way to force an "active" authentication to the DC remotely? Any ideas are greatly appreciated....thank
 
Where I have seen this problem the most is with Terminal Servers that are used for application servers. For instance, I have a server that runs the Solomon Accounting system. Users log in remotely to this server from home and use the disconnect button instead of log off button to close the session. This keeps the user logged in, and when they change their password on their desktop it locks the account out in no time.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top