Locked User Accounts - Active Directory

By cttechguy72
A user where I work has a desktop and a laptop that is only used when he is in the field (which is not that often). The laptop is equipped with a wireless card so he can access email within our main building while in meetings. He logged into his desktop and then logged into the laptop. Each time he attempted to log on to the laptop he was prompted with "invalid password". After 3 attempts the message stated his account had been locked out. He logged off the desktop and then received the same message on the desktop after trying to log in.
I checked his AD account and the Account lockout box was checked. I unlocked the account, but when he tried it again the account locked after only one attempt. I reset his password and we waited about 30 minutes to let Active Directory replicate, and it finally let him log on to the network from both machines. Are user credentials stored in the user profile or someplace else? How come the account was being locked out after only one attempt?

This conversation is currently closed to new comments.

9 total posts (Page 1 of 1)  

There is a little bit of a replication delay at some point. Unlocking his account should reset the invalid login attempts counter. That's most likely the cause of the issue there.

User credentials are stored locally if the local policy is set to do so. They are encrypted, but the issue isn't the local cache, as his account wouldn't be able to lock if his laptop wasn't communicating with the DCs. He just typed in the wrong password. Maybe the Num Lock got him or something like that.

by allthegoodnamesweregone In reply to

That's not very likely either. The only possibility I can think of would be if it were in standby/hibernate while it wasn't in use, then he logged on, and he got locked out due to drive mappings trying to use the old password. Since he wasn't able to log in, nothing was passed to the DC other than the credentials he tried to log in with. There would be other local policies that would also come into play here, but it doesn't matter, so I'll leave it alone.

The cached credentials are only used for authentication if a DC cannot be contacted, so the cached credentials can't be the reason for the lockout.

I know he'll swear up and down that he put in the correct password. But he didn't, and he'll never admit it. I deal with users like that on a weekly basis.

by adembo In reply to Locked User Accounts - Ac ...

When a user logs onto a computer, the logon information is cached on the computer. If that were not the case, you would never be able to log onto the laptop when it's not on the domain.

Does the user put the laptop in stand-by or hibernate? If so, that could be the problem. If the user is still logged on with his cached credentials, which have since been changed, then that would cause his account to lock out, since the server would think he was using the wrong password.

I would be willing to bet that if the laptop were rebooted, and the workstation rebooted, you would not see that problem happen.

As well, is terminal services involved here in any way?

by cttechguy72 In reply to Locked User Accounts - Ac ...

Thanks for the reply. I was thinking the same thing about the Num Lock, but it was not in play here at all. That's the first thing I check when a user locks their account. I think since he didn't use the laptop for a while it had old credentials cached. Trying to log on with the laptop caused AD to become out of sync. Thanks again.

by sgt_shultz In reply to Locked User Accounts - Ac ...

This sounds like a good one for me to go and look up in the MSKB at support.microsoft.com.
Meanwhile, I wonder:
1. Is the time and time zone synced on this network?
2. Anything in the (security) event logs on either?
3. As the previous answer hints: *has* the user changed his password lately?
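
The event-log question above, and the earlier point in the thread that an unlock resets the bad-password counter while DCs may be out of step with each other, can both be checked from a domain-joined admin workstation. The script below is an added example written for this page, not code from the thread; it assumes the RSAT ActiveDirectory module, permission to read the Security log on the domain controllers, and the Windows Server 2008-and-later event IDs (4740 for the lockout on the PDC emulator, 4771 for a Kerberos pre-authentication failure), which post-date the XP/2003-era machines the thread is about. The account name `jdoe` in the usage line is a placeholder.

```powershell
<#
  Added example (not from the thread): find where an AD account lockout is coming from.
  Assumptions: RSAT ActiveDirectory module; rights to read the Security log on the DCs;
  Server 2008+ event IDs (4740 lockout on the PDC emulator, 4771 Kerberos pre-auth failure).
  Usage:  .\Find-LockoutSource.ps1 -SamAccountName jdoe      # jdoe is a placeholder
#>
param(
    [Parameter(Mandatory = $true)]
    [string]$SamAccountName,

    # How far back to search the Security logs.
    [int]$HoursBack = 24
)

Import-Module ActiveDirectory

# Pull one named field out of an event's EventData by name, so the script does not
# depend on the positional order of Properties[].
function Get-EventField {
    param($Event, [string]$Name)
    ([xml]$Event.ToXml()).Event.EventData.Data |
        Where-Object { $_.Name -eq $Name } |
        Select-Object -ExpandProperty '#text'
}

$since = (Get-Date).AddHours(-$HoursBack)
$pdc   = (Get-ADDomain).PDCEmulator

# 1. badPwdCount, badPasswordTime and lockoutTime are not replicated between DCs, so
#    each DC has to be asked individually. The DC with the newest badPasswordTime is the
#    one that actually received the wrong password; Unlock-ADAccount zeroes these counters.
Write-Host "== Per-DC bad password state for $SamAccountName =="
$perDc = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        $u = Get-ADUser -Identity $SamAccountName -Server $dc.HostName `
                -Properties badPwdCount, badPasswordTime, lockoutTime, LockedOut
        $lastBad = if ($u.badPasswordTime) { [DateTime]::FromFileTime($u.badPasswordTime) } else { $null }
        $locked  = if ($u.lockoutTime)     { [DateTime]::FromFileTime($u.lockoutTime) }     else { $null }
        [pscustomobject]@{
            DC              = $dc.HostName
            BadPwdCount     = $u.badPwdCount
            LastBadPassword = $lastBad
            LockoutTime     = $locked
            LockedOut       = $u.LockedOut
        }
    } catch {
        Write-Warning "Could not query $($dc.HostName): $($_.Exception.Message)"
    }
}
$perDc | Sort-Object LastBadPassword -Descending | Format-Table -AutoSize

# 2. Every lockout is forwarded to the PDC emulator, which logs event 4740. Its
#    TargetDomainName field is the "Caller Computer Name": the machine that sent the
#    bad password (the laptop, if the stale-drive-mapping theory in the thread is right).
Write-Host "== Lockout events (4740) on PDC emulator $pdc =="
Get-WinEvent -ComputerName $pdc -ErrorAction SilentlyContinue `
    -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $since } |
    Where-Object { (Get-EventField $_ 'TargetUserName') -eq $SamAccountName } |
    ForEach-Object {
        [pscustomobject]@{
            Time           = $_.TimeCreated
            CallerComputer = Get-EventField $_ 'TargetDomainName'
            LoggedOn       = $_.MachineName
        }
    } | Format-Table -AutoSize

# 3. On the DC that took the bad password, 4771 (Kerberos pre-auth failure) records the
#    client IP; Status 0x18 means "wrong password". A steady stream from one address while
#    nobody is typing is the signature of a stale mapped drive, scheduled task or service.
$busyDc = ($perDc | Sort-Object LastBadPassword -Descending | Select-Object -First 1).DC
if ($busyDc) {
    Write-Host "== Kerberos pre-auth failures (4771) for $SamAccountName on $busyDc =="
    Get-WinEvent -ComputerName $busyDc -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4771; StartTime = $since } |
        Where-Object { (Get-EventField $_ 'TargetUserName') -eq $SamAccountName } |
        ForEach-Object {
            [pscustomobject]@{
                Time     = $_.TimeCreated
                ClientIP = (Get-EventField $_ 'IpAddress') -replace '^::ffff:', ''
                Status   = Get-EventField $_ 'Status'
            }
        } | Group-Object ClientIP, Status | Select-Object Count, Name | Format-Table -AutoSize
}
```

Run it before unlocking the account: the unlock resets badPwdCount on the DCs, so the per-DC table is only informative while the lockout is in effect, whereas the 4740 and 4771 events survive. If step 3 shows repeated failures from one address with no user at the keyboard, that address is the machine still holding the old password (a resumed laptop with a mapped drive, a service or a scheduled task), which is the scenario the replies above are arguing about.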

by sgt_shultz In reply to

My browsing at the MSKB shows me bugs in unpatched XP clients, so you need to repost with client OSes and SP level.
Betcha this is XP and you don't want to put on SP2?
Post more info; otherwise the problem is too academic.

by sgt_shultz In reply to

User says 'fat fingered it', right? User not swearing they typed it right, are they?
Because you could worry a little about security now if you wanted... you could look at some logs. You could try to reproduce this. You could check the backups. You could get old early like me. (tease)
I bet you fixed it when you changed his password (without waiting the 30 min)...
I imagine that info is stored in the SAM, not the Users hive.
BTW, I noticed an MSKB article about a bug where even if logon lockout is set to 5x, if the user has the same spelling of 'username' and 'full name', the account will lock out after 3x. The fix is to change the full name slightly. Just mentioning.
So you figured out way ahead of me, betcha that laptop must have been auto logging in some way and relocking out. Or a virus was hammering away somewhere. Please, somebody, tell me that isn't how it works...
I say the points go to the guy who reminded about the cached credentials.
(What a pain! Remind yourself/management about the higher TCO of laptops.)

by cttechguy72 In reply to Locked User Accounts - Ac ...

This question was closed by the author
