TechRepublic|Forums|Windows

Windows

General discussion

  • Creator
    Topic
  • November 8, 2005 at 11:42 am #2179067

    Domain Account Lockout

    Locked

    by thewrightman · about 16 years, 6 months ago

    I have a tough one.

    My domain user account is periodically getting locked out. I have downloaded some troubleshooting tools and have found that something is causing a bad password to be thrown at the domain controller every 15 minutes exactly. It is not coming from my local workstation (I don’t think). I have no services running with my account credentials. I have no scheduled tasks running with my old password (that I can find). Security logs on the domain controller do not give enough info to diagnose the problem. And, the Netlogon.log file does not show any unusual activity.

    Here is the weird part. If I have Outlook running on my local machine, connected to the Exchange server, my account does not get locked out, and the bad password count is reset to zero pretty often. If Outlook is not running, I get locked out after the 5 bad password count is reached.

    Topic is locked This conversation is currently closed to new comments.
  • Creator
    Topic

All Comments

  • Author
    Replies
    • November 8, 2005 at 12:24 pm #3135860

      Reply To: Domain Account Lockout

      by rickrbyrne · about 16 years, 6 months ago

      In reply to Domain Account Lockout

      Could it be someone trying to hack your network?

    • November 8, 2005 at 1:58 pm #3135635

      Reply To: Domain Account Lockout

      by jc2it · about 16 years, 6 months ago

      In reply to Domain Account Lockout

      Try running a port scanner like Ethereal for 30-45 minutes or so on the server that is recieving the bad login requests, or a promiscuous port on your network switch. You should be able to determine where the password request is comming from. Maybe an old file share, or you ran an automatic program as your login once.

      Job Cacka

      • November 8, 2005 at 2:00 pm #3135633

        Reply To: Domain Account Lockout

        by jc2it · about 16 years, 6 months ago

        In reply to Reply To: Domain Account Lockout

        You know it could be that Outlook is trying to login to get your email while it is offline, but is using an old password. There is a checkbox in Outlook’s options that disables this “Feature”.

      • November 14, 2005 at 6:26 am #3119535

        Reply To: Domain Account Lockout

        by thewrightman · about 16 years, 6 months ago

        In reply to Reply To: Domain Account Lockout

        Poster rated this answer.

    • November 9, 2005 at 10:32 pm #3118869

      Reply To: Domain Account Lockout

      by rcom · about 16 years, 6 months ago

      In reply to Domain Account Lockout

      You could have a bug that is trying to send itself out with an email client. Time to scan for virus and others.

    • November 11, 2005 at 6:56 am #3119484

      Reply To: Domain Account Lockout

      by sgt_shultz · about 16 years, 6 months ago

      In reply to Domain Account Lockout

      ew
      that is creepy.
      you should be able to track this down pretty well. you immediately changed your username and password, right? and locked out the old account right?
      could you be using odbc connector and have changed passwords lately or something. any scheduled tasks running?
      if you are not seeing this in security event log on server what ‘info’ are you getting there?
      do you have time synched to domain controller in your network?

    • November 14, 2005 at 6:27 am #3119531

      Reply To: Domain Account Lockout

      by thewrightman · about 16 years, 6 months ago

      In reply to Domain Account Lockout

      This question was closed by the author

    • February 26, 2012 at 11:39 pm #2441401

      Hello

      by agrawalpiyush · about 10 years, 3 months ago

      In reply to Domain Account Lockout

      Hi I have been busy with IT projects hence late reply. Catching up on all the updates I suggest you

      1. Launce Procmon on the domain hosting the accounts and leave it to run, then dump the results when the lockup occurs.

      2. You will definitely need to do an out of hours/weekend investigation on the domain controller and restart it completely.

      3. Possibly create the user another account similar to the other one then migrate all his Data etc to the newly created profile/user share, then delete or disable the other account

      4. Ensure that the domain god account has accessibility for any possible sub lockouts lower down the AD hierarchy

      Hope my suggestion aids you in coming to a solution.

  • Author
    Replies
Viewing 5 reply threads