Account lockouts

Anonymous
March 9, 2005 7:17:46 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi all,

Last Friday some user accounts started to get locked out. Meanwhile, every
few logon attempts, other accounts get locked out. Even the Administrator
account gets locked out, although it is never used to log on.

I scanned my network for spyware and viruses, but nothing was reported (Panda
Business Secure). Snort doesn't report any suspicious intrusion attempts
either.

I can unlock the accounts every 10 minutes, but that ain't the solution.

I already demoted 1 domain controller that reported problems with its SAM
database (unable to write, lockout as result), but my remaining 2 domain
controllers don't report anything like that (except a WINS error on one
server).

Anybody have a clue? I've been struggling with this for 6 days already, and I'm
getting tired of it.

Systems : all Windows 2000 Advanced Server

Regards,
--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen

Anonymous
March 9, 2005 7:17:47 PM

http://www.microsoft.com/technet/prodtechnol/windowsser...
The article listed above is a very good troubleshooter. Account
lockouts can be very time consuming to track down, but by following the
troubleshooting steps in this article you should be able to find the
source of the lockouts.

First thing I would do is enable netlogon logging on your PDC Emulator
and then take a look at the logs and begin to narrow down from there
(pasted from the article referenced above):
"To enable Netlogon logging on computers that are running Windows 2000
Server, at a command prompt, type nltest /dbflag:2080ffff. The log file
is created in Systemroot\Debug\Netlogon.log. If the log file is not in
that location, stop and restart the Netlogon service on that computer.
To do this, at a command prompt, type net stop netlogon & net start
netlogon." (NLTest is part of the Support Tools on the Win2k CD)

The values you want to look for in the netlogon log are the following:
0xC000006A - The value provided as the current password is not correct
0xC0000234 - The user account has been automatically locked

Again, the article listed above should guide you through parsing the
logs and interpreting what you see in the logs.

Account Lockout tools (link is also referenced from the article listed
above)
http://www.microsoft.com/downloads/details.aspx?FamilyI...

This should be a good start to figuring out your lockout issues.

Toni Van Remortel wrote:
> Hi all,
>
> Last Friday some user accounts started to get locked out. Meanwhile, every
> few logon attempts, other accounts get locked out. Even the Administrator
> account gets locked out, although it is never used to log on.
>
> I scanned my network for spyware and viruses, but nothing was reported (Panda
> Business Secure). Snort doesn't report any suspicious intrusion attempts
> either.
>
> I can unlock the accounts every 10 minutes, but that ain't the solution.
>
> I already demoted 1 domain controller that reported problems with its SAM
> database (unable to write, lockout as result), but my remaining 2 domain
> controllers don't report anything like that (except a WINS error on one
> server).
>
> Anybody have a clue? I've been struggling with this for 6 days already, and I'm
> getting tired of it.
>
> Systems : all Windows 2000 Advanced Server
>
> Regards,
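
Added example, not part of the original thread: a small Python script that tallies the two status codes named in the reply above per account and source machine, so the machine that keeps sending a wrong password stands out. The line layout matched by the regular expression is an assumption about Netlogon.log's SamLogon entries, and the log lines, domain and host names are constructed.

```python
import re
from collections import Counter

BAD_PASSWORD, LOCKED_OUT = 0xC000006A, 0xC0000234  # codes named in the reply above

# Assumed layout of a SamLogon result line (not taken from the thread):
# MM/DD HH:MM:SS [LOGON] SamLogon: <type> logon of DOMAIN\user from HOST [(via DC)] Returns 0x...
LINE_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d \d\d:\d\d:\d\d) \[LOGON\] SamLogon: .*?logon of "
    r"(?P<account>\S+) from (?P<source>\S*)"
    r"(?: \(via (?P<via>[^)]+)\))? Returns (?P<status>0x[0-9A-Fa-f]{1,8})\s*$"
)

# Constructed sample lines (EXAMPLE domain and host names are made up).
SAMPLE = r"""
03/14 08:01:12 [LOGON] SamLogon: Network logon of EXAMPLE\jdoe from WKS-017 Entered
03/14 08:01:12 [LOGON] SamLogon: Network logon of EXAMPLE\jdoe from WKS-017 Returns 0x0
03/14 08:02:40 [LOGON] SamLogon: Network logon of EXAMPLE\Administrator from SRV-AV01 Returns 0xC000006A
03/14 08:02:41 [LOGON] SamLogon: Network logon of EXAMPLE\Administrator from SRV-AV01 Returns 0xC000006A
03/14 08:02:43 [LOGON] SamLogon: Transitive Network logon of EXAMPLE\Administrator from SRV-AV01 (via DC02) Returns 0xC000006A
03/14 08:02:44 [LOGON] SamLogon: Network logon of EXAMPLE\Administrator from SRV-AV01 Returns 0xC0000234
03/14 08:05:09 [LOGON] SamLogon: Network logon of EXAMPLE\asmith from WKS-022 Returns 0xC000006A
""".splitlines()

def parse(lines):
    """Yield (timestamp, account, source, status) for bad-password and lockout results."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # "Entered" lines and unrelated entries carry no result code
        status = int(m["status"], 16)
        if status in (BAD_PASSWORD, LOCKED_OUT):
            yield m["ts"], m["account"].lower(), m["source"].upper() or "(unknown)", status

def report(lines):
    """Return (account, source, bad_password_count, lockout_count) rows, noisiest first."""
    bad, locked = Counter(), Counter()
    for _ts, account, source, status in parse(lines):
        (bad if status == BAD_PASSWORD else locked)[(account, source)] += 1
    keys = sorted(set(bad) | set(locked), key=lambda k: (-(bad[k] + locked[k]), k))
    return [(acct, src, bad[(acct, src)], locked[(acct, src)]) for acct, src in keys]

if __name__ == "__main__":
    for acct, src, n_bad, n_locked in report(SAMPLE):
        print(f"{acct:<28} {src:<12} bad_password={n_bad} locked_out={n_locked}")
```
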
Anonymous
March 12, 2005 5:37:43 PM

On Wed, 09 Mar 2005 10:17:38 -0600, Jeremy Hallock wrote:

> The article listed above is a very good troubleshooter.

Jeremy, thank you for the link to the troubleshooter, it was of some
help.

I currently found that account lockout occurs in this situation:

net use g: \\corbusier\users /user:OW_HA\remorto

The account 'remorto' is locked out after I press Enter. BadPwdCount is
set to 1 on the server Corbusier, other domain controllers (now 3 in
total) leave BadPwdCount on 0, but accept the user lockout.

When I use this command instead

net use g: \\corbusier\users /user:OW_HA\remorto *

I'm asked for a password immediately and the mapping is done without any
problem. No lockout whatsoever.

Weird? For me it is.

Anyway, domain logons will be tested Monday, but my test account works
normally.

Regards,
--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen
Anonymous
March 14, 2005 12:00:31 PM

On Sat, 12 Mar 2005 14:37:43 +0100, Toni Van Remortel wrote:

> Anyway, domain logons will be tested Monday, but my test account works
> normally.

Damned. I'm starting to hate this thing.
Today in only half an hour 5 accounts are locked out, including the
Administrator.

--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen
Anonymous
March 14, 2005 2:14:29 PM

In news:pan.2005.03.14.08.00.31.501601@VERWIJDEREN.ha.be,
Toni Van Remortel <t.vanremortel@VERWIJDEREN.ha.be> commented
Then Kevin replied below:
> On Sat, 12 Mar 2005 14:37:43 +0100, Toni Van Remortel
> wrote:
>
>> Anyway, domain logons will be tested Monday, but my
>> test account works normally.
>
> Damned. I'm starting to hate this thing.
> Today in only half an hour 5 accounts are locked out,
> including the Administrator.

Check all of your machines for a scheduled task using an old password.
If you have scheduled tasks and the password changes you have to change the
password in the task properties. If you use scheduled tasks it is better to
set up a restricted account for the task with a non-expiring password.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
Anonymous
March 15, 2005 11:05:01 AM

On Mon, 14 Mar 2005 11:14:29 -0600, Kevin D. Goodknecht Sr. [MVP] wrote:

> In news:pan.2005.03.14.08.00.31.501601@VERWIJDEREN.ha.be,
> Toni Van Remortel <t.vanremortel@VERWIJDEREN.ha.be> commented
> Then Kevin replied below:
>> On Sat, 12 Mar 2005 14:37:43 +0100, Toni Van Remortel
>> wrote:
>>
>>> Anyway, domain logons will be tested Monday, but my
>>> test account works normally.
>>
>> Damned. I'm starting to hate this thing.
>> Today in only half an hour 5 accounts are locked out,
>> including the Administrator.
>
> Check all of your machines for a scheduled task using an old password.
> If you have scheduled tasks and the password changes you have to change the
> password in the task properties. If you use scheduled tasks it is better to
> set up a restricted account for the task with a non-expiring password.

Aha, that's why it gets locked.
Thanks for the info. There are also a lot of services that run with
Administrator rights (like anti-virus). I'll change them all.

--
Toni Van Remortel
Netwerkbeheerder HA Dept. Ontwerpwetenschappen