Friday, 6 June 2014

User Account Lockouts Troubleshoot

User Account Lockouts:
                  1)     Identify the user information which domain controller user NT Account belongs to.
2)     Logon to the specific PDC server.
3)     Filter the event id 644 (User account lock info & 675 bad password info).
4)     Check if the user lockout information falls on the PDC, if user account locked out, you can see the information in the events and it will provide the Caller Machine Name, investigate the system which service is supplying bad password.

Typically the below reasons user passwords are getting locked out frequently.

Users Account Lockouts: Almost all User Account lockouts are due to a user changing their password and then encountering issues because the old password is still in use somewhere.
  1. The user has been logged into another workstation or server from before the time they recently changed their password.  Resolution: Logout, and then login with new password.
  2. The user has a Terminal Service session opened with the previous password credentials.  Resolution: Logon to the indicated server and close session or use Terminal Services Manager tool.
  3. The user has a previously mapped a drive using the previous password credentials.  Resolution: Recreate/Reset mapping with new credentials.
  4. The user has a service running under the context of their user account with the previous password credentials.  This service could be a standard service visible via the Services tool, or a scheduled job running via an AT job or Scheduled Jobs.  Resolution: Find the service and update the credentials.
  5. The indicated computer account has an application running that is utilizing the previous password.

When a local workstation is causing the lockouts, it may be necessary for the end-user to login while disconnected from the network and correct the issue.  They may have to even use their previous password to gain access to the session.

No comments:

Post a Comment