Account lockouts

Anonymous
March 9, 2005 5:42:52 PM

Archived from groups: microsoft.public.windowsnt.domain

Hi all,

Last Friday some user accounts started to get locked out. Meanwhile, every
few logon attempts, other accounts get locked out. Even the Administrator
account gets locked out, although it is never used to log on.

I scanned my network for spyware and viruses, but nothing was reported (Panda
Business Secure). Snort doesn't report any suspicious intrusion attempts
either.

I can unlock the accounts every 10 minutes, but that ain't the solution.

I already demoted 1 domain controller that reported problems with its SAM
database (unable to write, lockout as result), but my remaining 2 domain
controllers don't report anything like that (except a WINS error on one
server).

Anybody have a clue? I've been struggling with this for 6 days already, and I'm
getting tired of it.

Regards,
--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen

Anonymous
March 9, 2005 5:42:53 PM

Hi Toni,

You are on the right track. <g> Most lockout issues
occur when there are netlogon synchronization issues
between your domain controllers, e.g., not replicating
the SAM.

First thing to do is enable auditing for security policy
changes and open Server Manager, then highlight the
PDC and synchronize the entire domain. Next, check
the event viewer on the PDC and all BDCs to get
more details on why synchronization is not occurring.
Post the event ID and details.

BTW, how exactly did you demote your BDC? I am
curious because there is no built-in method in NT 4.0
unless you reinstall the OS.

"Toni Van Remortel" <t.vanremortel@VERWIJDEREN.ha.be> wrote in message news:

> Last Friday some user accounts started to get locked out. Meanwhile, every
> few logon attempts, other accounts get locked out. Even the Administrator
> account gets locked out, although it is never used to log on.
>
> I scanned my network for spyware and viruses, but nothing was reported (Panda
> Business Secure). Snort doesn't report any suspicious intrusion attempts
> either.
>
> I can unlock the accounts every 10 minutes, but that ain't the solution.
>
> I already demoted 1 domain controller that reported problems with its SAM
> database (unable to write, lockout as result), but my remaining 2 domain
> controllers don't report anything like that (except a WINS error on one
> server).
>
> Anybody have a clue? I've been struggling with this for 6 days already, and I'm
> getting tired of it.
>
Anonymous
March 9, 2005 7:15:27 PM

On Wed, 09 Mar 2005 09:36:16 -0500, Michael Giorgio - MS MVP wrote:

> Hi Toni,
>
> You are on the right track. <g> Most lockout issues
> occur when there are netlogon synchronization issues
> between your domain controllers, e.g., not replicating
> the SAM.
>
> First thing to do is enable auditing for security policy
> changes and open Server Manager, then highlight the
> PDC and synchronize the entire domain. Next, check
> the event viewer on the PDC and all BDCs to get
> more details on why synchronization is not occurring.
> Post the event ID and details.

OK, I'll try that.

> BTW, how exactly did you demote your BDC? I am
> curious because there is no built-in method in NT 4.0
> unless you reinstall the OS.

Oops. I forgot to mention that it is actually Windows 2000, but I didn't
find a group that matched 2000 domain topics.
Under 2000, you can just use dcpromo.exe to demote.

Anyway, thanks for the info already.
--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen