General discussion

Locked

Domain Account Lockout

By TheWrightMan ·
I have a tough one.

My domain user account is periodically getting locked out. I have downloaded some troubleshooting tools and have found that something is causing a bad password to be thrown at the domain controller every 15 minutes exactly. It is not coming from my local workstation (I don't think). I have no services running with my account credentials. I have no scheduled tasks running with my old password (that I can find). Security logs on the domain controller do not give enough info to diagnose the problem. And, the Netlogon.log file does not show any unusual activity.

Here is the weird part. If I have Outlook running on my local machine, connected to the Exchange server, my account does not get locked out, and the bad password count is reset to zero pretty often. If Outlook is not running, I get locked out after the 5 bad password count is reached.

This conversation is currently closed to new comments.

13 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by rickrbyrne In reply to Domain Account Lockout

Could it be someone trying to hack your network?

Collapse -

by TheWrightMan In reply to

Poster rated this answer.

Collapse -

by jc2it In reply to Domain Account Lockout

Try running a port scanner like Ethereal for 30-45 minutes or so on the server that is recieving the bad login requests, or a promiscuous port on your network switch. You should be able to determine where the password request is comming from. Maybe an old file share, or you ran an automatic program as your login once.

Job Cacka

Collapse -

by jc2it In reply to

You know it could be that Outlook is trying to login to get your email while it is offline, but is using an old password. There is a checkbox in Outlook's options that disables this "Feature".

Collapse -

by TheWrightMan In reply to

Poster rated this answer.

Collapse -

by RCOM In reply to Domain Account Lockout

You could have a bug that is trying to send itself out with an email client. Time to scan for virus and others.

Collapse -

by TheWrightMan In reply to

Poster rated this answer.

Collapse -

by sgt_shultz In reply to Domain Account Lockout

ew
that is creepy.
you should be able to track this down pretty well. you immediately changed your username and password, right? and locked out the old account right?
could you be using odbc connector and have changed passwords lately or something. any scheduled tasks running?
if you are not seeing this in security event log on server what 'info' are you getting there?
do you have time synched to domain controller in your network?

Collapse -

by sgt_shultz In reply to

you using mapped drives?
did you see this one:
http://support.microsoft.com/default.aspx?scid=kb;en-us;841075
Trying to connect to a share via the "Run" command of the Explorer can lead to an account lockout.

Collapse -

by sgt_shultz In reply to

also may be worth mentioning that many periodic lockout problems were windows bugs fixed in latest patches. you on latest patches for windows and office, right?

Back to Windows Forum
13 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums