Account Lockout Problems

Guest

I am having some account lockout problems I can't seem to figure out. I
have read the TechNet article
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx.
I have installed ALockout.dll and have netlogon logging. The logs don't
make any sense to me. The netlogon log is nothing but mailslot entries.
ALockout logs seem to list processes when the lockout occurs, but which ones are
important? I see MS Office entries and Lotus Notes entries. The only thing
these workstations have in common is they map to external domain drives with a
password. I did clear reoccurring drives. Thanks. If this is not the right
group for my question please point me in the right direction. Thanks in
advance, I find this forum very helpful.
 
John Negus

Hello Randy,

What OS are you using, Windows 2000 or Windows 2003?

There is a known problem with Windows 2000 where a user or app stores
authorization credentials locally, but, then the user changes their
password and does not update the stored information.

When they next try to connect to the resource a badly written app
instead of timing out and prompting the user to enter the correct
credentials will keep presenting the incorrect credentials causing the
user account to become locked out.

This has been addressed within Windows Server 2003.

I am not sure if this relates to your problem based on the information
included in your post but I hope this helps.
 
Mark Renoden [MSFT]

Hi Randy

My preferred method for tracking down these issues is as follows:

1. Use lockoutstatus.exe to identify which DC's the bad attempts are being
sent to.

2. Enable auditing on these DC's to catch the bad attempts and identify the
clients from which the bad attempts are originating. (see the document you
made reference to). You might skip step 1 and just enable auditing on all
DC's if it's a small environment. The frequency of the bad attempts will
indicate whether this is process related or the users just making a mistake.
Many in the same second ... process.

3. Based on frequency, if it looks process related, use ALockout.dll on the
client machines identified by the audit logs. The resulting log should tell
you what's responsible. If it's user related, fix the user ;)

What does your lockout policy look like? Are you following the guidance in
the article you've pointed to?

Kind regards
--
Mark Renoden [MSFT]
Windows Platform Support Team
Email: (e-mail address removed)

Please note you'll need to strip ".online" from my email address to email
me; I'll post a response back to the group.

This posting is provided "AS IS" with no warranties, and confers no rights.
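
Added example, not part of the original thread or of any Microsoft tool: a sketch of the frequency check from step 2 above, which groups audited bad attempts by user and client and labels a source "process" when several failures land in the same second. The CSV layout, the host and user names, and the burst threshold of 3 are assumptions made for this illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample: audit events collected from the DCs and flattened into a
# simplified CSV (time, event id, user, client). Not a real export format.
SAMPLE = """\
2005-03-01 09:14:07,675,jdoe,WKS-041
2005-03-01 09:14:07,675,jdoe,WKS-041
2005-03-01 09:14:07,681,jdoe,WKS-041
2005-03-01 09:14:07,675,jdoe,WKS-041
2005-03-01 09:14:08,675,jdoe,WKS-041
2005-03-01 09:14:08,540,asmith,WKS-007
2005-03-01 10:02:11,675,asmith,WKS-007
2005-03-01 10:02:39,675,asmith,WKS-007
2005-03-01 10:03:20,681,asmith,WKS-007
"""

# 675 = Kerberos pre-authentication failed, 681 = logon failure (Windows 2000 DCs)
FAILURE_IDS = {"675", "681"}
BURST = 3  # assumed threshold: this many failures within one second suggests a process


def classify(log_text, burst=BURST):
    """Return {(user, client): (total_failures, peak_per_second, verdict)}."""
    per_second = defaultdict(Counter)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 4:
            continue  # skip blank or malformed lines
        stamp, event_id, user, client = (field.strip() for field in row)
        if event_id in FAILURE_IDS:  # ignore successes such as 540
            per_second[(user.lower(), client.upper())][stamp] += 1
    result = {}
    for key, seconds in per_second.items():
        peak = max(seconds.values())
        verdict = "process" if peak >= burst else "user"
        result[key] = (sum(seconds.values()), peak, verdict)
    return result


if __name__ == "__main__":
    for (user, client), (total, peak, verdict) in sorted(classify(SAMPLE).items()):
        print(f"{user:8} {client:8} failures={total} peak/sec={peak} -> {verdict}")
```

Clients labelled "process" are the ones worth instrumenting with ALockout.dll in step 3.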
 
Guest

I am using Windows 2000. Where can I get more information on this known
problem?
Thanks in advance.

Randy
 
