Right now only one of my customers’ account gets locked out every hour, even while he is logged on. (There have been others in the past prior to my arrival) I am having trouble figuring out why it is doing this. Here’s what I have so far. (I hope it pinpoints an area to search[fingers-crossed].
* User logs into only 1 workstation.
* User has no scheduled tasks.
* User has standard drive mappings (home and share. Home is through his account properties and share is through logon script.)
* I’ve ran lockoutstatus.exe but I don’t really understand the output. It shows when the last bad password was sent, but it doesn’t show me what kind of error it was.
* Recently the org established a website that required user authentication, but he uses the same password and username that he logs onto the workstation.
* Authenticates to a Server2003, workstation is 2000.
* I have just enabled Kerberos logging on his workstation, which will reboot tonight. So I’ll see if there is anything there.
Some other thoughts I have..
Currently the policy is to recreate the user account and the lockout issue goes away. That leads me to believe maybe the SID is corrupting, or something. Is there a way I can check the validity of a SID? or am I in left field with this thought?
All help is appreciated!!