Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Users being locked out!

Status
Not open for further replies.
dazz828

dazz828

Technical User
Jul 22, 2002
60
0
0
US
Hi all,

I wonder if anyone has come across this problem before. Every 2-3 hours all our users become locked out. Then I manually have to go into Active Directory, and unlock each account. We only have about 20 users so it's not that crazy, but it kicks them out of Instant Messenger and their Outlook starts asking for User/Pass/Domain. I log in, unlock the account, and all is well.....for about 2 hours and it happens again.

Win 2000 SP4 (PDC), Exchange 2000 SP3 (on same box), all clients are running either 2000 Pro/XP Pro with Outlook 2000/XP.

Has anyone every seen or heard of this? And know of a solution? I couldn't find anything searching...

Thanks in advance!
Dazz828
 
Sort by date Sort by votes
Appears that yoou have account lockout turned on.
Not sure if you already have done this, but you should enable user logon/logoff account auditing on the domain.

The error message in the log file can be very helpful in resolving this type of issue. FYI, what sometimes happens is that a rogue user/infected machine finds all the userids and tries to log in, and once when locked out moves to the next userid. As all your users are affected, could be a rogue program.
This may not be true in your case but the audit log information would be very helpful.




Claudius (What certifications??)
 
Upvote 0 Downvote
Claudek,

Thank you for the information. How do I enable auditing for logon/logoff's? I'll try that out and see what the log shows.
 
Upvote 0 Downvote
Edit your default domain GPO to enable auditing for success/failure. Information can be found here with some nice simple notes as well:


This link has some clearer instructions though:
- make sure you read the information under the Auditing Across an Entire Domain part as this is the part relevant to you



Claudius (What certifications??)
 
Upvote 0 Downvote
I'm having a similar problem - but only on Win 98 machines. My 2000 machines are fine. I've tried many things - loading file & print sharing, static IP's, changing access control from Shared to User, adding NetBeui protocol, host files. WINS sees them fine. They login fine but after a little while some start to get kicked out. Not all and not every day. It's getting very frustrating. I've done searches on Microsoft and other places, had "experts" look at it and they scratch their heads and say they've never seen it before. I'm at a big loss and ready to throw the machines out. We're non-profit so I can't just go buy new machines that can run 2000/XP. these machines are too old to handle it. Anyone have any ideas?
 
Upvote 0 Downvote
Hi Dazz828,

My first step would be to revert to a service pack prior to SP4. I've heard nothing but trouble from that one.

Aultbmh, what's wrong with OWA? We run it on our Exchange server with no problems (also a Win2K, Exchange2K box, but SP3 instead of SP$).

Regards,

z.
 
Upvote 0 Downvote
beulah08

We've had exactly the same trouble with our Win98 clients, they continuosly lock out the users. Sometimes it will pick-on one user all day, then move to another user!

Bizarre!

We have tried everything - local win98 policies, patches etc.

I am in exactly same position as you - I work for a charity. We are slowly moving to Windows 2000.

 
Upvote 0 Downvote
I think I found the solution. Win2k server has a function called "autodisconnect". If you have mapped drives, the server disconnects them "temporarily." If you have W2k workstations, that's okay because the cache, I guess, keeps the information. You may have noticed red "x's" on drive mappings in my computer. All you have to do is open the drive and it reattachs. But Win98 does not have that ability. So you have to disable autodisconnect in the server until you have all your workstations upgraded. Look for the knowledge base article #297684 for details how to disable it. I did it Friday and so far haven't had anyone locked out.
 
Upvote 0 Downvote
beulah08



Thanks!! I'll try it!


Keep me posted if anything odd happens!

Cheers


 
Upvote 0 Downvote
Hi,

Re. the issue with the Win98 Clients. I have seen the same problem on our network, only happening with 98 clients, all others are fine (unless there is a specific reason for account lockout, obviously).

I've found that it may be a conflict between the 'Windows' logon and the domain logon. Try this:
1)Delete all the .pwl files on that machine.
2)Ask the user to log off and then back on.
3)When prompted for a Windows password, leave blank and OK it (rather than cancelling).
4) log in to the domain as normal.
5) log out and back in. You shouldn't be asked for a Windows passord any more, just the Domain password. This means there's nothing to conflict with. Things seem to run better after that.

Not a dead cert, but worth a go.
 
Upvote 0 Downvote
I have been experiencing the same issue with only 1 of my Windows 98 machine.

I will try your suggesion BradYB and let you all know.

Thanks
 
Upvote 0 Downvote
Sorry none of the above steps have resolved my issue. Anyone have any other suggestions ??

Thanks
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Mohamed-IT
  • Locked
  • Question
Windows server 2019 password locked
Replies
1
Views
55
strongm
strongm
tviman
  • Locked
  • Question
How to restrict RDP users to the desktop 2
Replies
13
Views
120
strongm
strongm
Kiwica
  • Locked
  • Question
Locked out domain account
Replies
4
Views
55
Kiwica
Kiwica
kolob4all
  • Locked
  • Question
Restrict AD users to login to specific computers
Replies
0
Views
34
kolob4all
kolob4all
abm-support
  • Locked
  • Question
Essentials Server 2012 not showing users or devices
Replies
0
Views
45
abm-support
abm-support

Part and Inventory Search

Sponsor

Back
Top