Live Chat Software by Kayako |
Troubleshooting Account Locks
Posted by Blair Benjamin, Last modified by Curt Winters on 04/27/2018 1:58 PM
|
|
Background - Sometimes after a user changes their password, there are issues with repeated account locks due to the previous password presumably being cached somewhere and sending a request. This can be very challenging to troubleshoot. Below are some theories, resources, and steps to take to hopefully identify the source and correct it. This wiki is a work in progress as we attempt to isolate the likely issue(s). Use this information for persistent issues, but refer to https://ts.cairn.edu/staff/index.php?/Knowledgebase/ViewKnowledgebase/Article/383 for the ADSelfService Password Change tool at https://reset.cairn.edu. Mary Boyer and Degreecompletion2 have been known to have very persistent issues with Password changes. Resources Tips on tracing the source of a bad password request and account lockout in AD - https://community.spiceworks.com/how_to/48758-trace-the-source-of-a-bad-password-and-account-lockout-in-ad Finding the log files on Windows Server - https://www.rootusers.com/where-are-windows-server-2016-log-files-stored/ Explanations of Windows Log Event IDs - https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventID=4740 (change the parameter at the end for others) Good article w/ suggestions from another user who had a similar experience - https://community.spiceworks.com/topic/143780-account-lockouts Tool/utility for checking an account's lockout status - https://servergeeks.wordpress.com/tag/lockoutstatus-exe/ or https://www.microsoft.com/en-us/download/details.aspx?id=18465 Another tool for examining lockouts - https://www.netwrix.com/account_lockout_examiner.html Specific Troubleshooting Steps to Try: 1- On the suspected offending computer, go to Control Panel > Credential Manager > Windows Credentials and delete/remove stored/cached credentials 2- Check any explicit or persistent drive mappings 3- Check to see if the offending account is configured on any phone/mobile devices with the password stored | |
|
Comments (0)