O.K. that link is dead for some reason ... sorry about that.
I did find a link to a good tool that can help track this stuff down.
http://support.microsoft.com/default.aspx?scid=kb;en-us;824209
This one will help you determine where the lockouts are comming from and
which DC's are involved in getting your account locked.
After that you can check and see which machine/ service is causing it.
And this one is live... I checked!
(e-mail address removed)
This posting is provided "AS IS"
with no warranties, and confers no rights
--------------------
| From: "Jeff McAhren" <
[email protected]>
| References: <#
[email protected]>
<
[email protected]>
| Subject: Re: Disabled Account
| Date: Thu, 8 Jan 2004 10:36:56 -0600
| Lines: 84
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| Message-ID: <#
[email protected]>
| Newsgroups: microsoft.public.win2000.active_directory
| NNTP-Posting-Host: 65.247.143.1
| Path:
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP11.phx.gbl
| Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.active_directory:61892
| X-Tomcat-NG: microsoft.public.win2000.active_directory
|
| Kevin: I'm still having problems. I can't find the page that you
| reference, even searching the support.microsoft site. Do you have another
| link?
|
| Tony: Thanks for the info. By using the client lockout tool on my
| workstation, we have determined that the problem doesn't lie with my
| workstation. It must me on one of the servers that I maintain, or
perhaps a
| co-workers computer on which I might have set something up(?). Our IT
dept
| doesn't know how to tell which machine the bad credentials are being
| submitted from. How can we do this so we know which machine to run the
| client tools on?
|
| Thanks!!
|
|
|
|
| | > An excellent tool for your guys would be:
| >
| > 315585 Account Lockout Troubleshooter
| >
http://support.microsoft.com/?id=315585
| >
| > It has a lot of step-by-step procedures for locking down those pesky
| > lockouts.
| > There are also some additional resources in this article on setting up
| > netlogon logging.
| > And a section on account lockout tools.
| > Remember that you should always start with the DC that holds that PDC
| > emulator first.
| >
| > (e-mail address removed)
| >
| > This posting is provided "AS IS"
| > with no warranties, and confers no rights
| > --------------------
| > | From: "j" <j@j>
| > | Subject: Disabled Account
| > | Date: Tue, 6 Jan 2004 14:02:57 -0600
| > | Lines: 20
| > | X-Priority: 3
| > | X-MSMail-Priority: Normal
| > | X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
| > | X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
| > | Message-ID: <#
[email protected]>
| > | Newsgroups: microsoft.public.win2000.active_directory
| > | NNTP-Posting-Host: 65.247.143.194
| > | Path:
| >
|
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!TK2MSFTNGP08.phx.gbl!tk2msftngp13.
| > phx.gbl
| > | Xref: cpmsftngxa07.phx.gbl
| microsoft.public.win2000.active_directory:61537
| > | X-Tomcat-NG: microsoft.public.win2000.active_directory
| > |
| > | I'm at work, and my domain account keeps getting locked out. The IT
| > | department just instituted an "attempt" policy where five incorrect
| > attempts
| > | locks your account. I'm not making any incorrect attempts, and
shortly
| > | after they re-enable my account, it's disabled again.
| > |
| > | It must be a service or a share or something somewhere, maybe on
another
| > | workstation or server, but we can't find it. They say that they don't
| > have
| > | a way to detect where this attempted login is coming from, but I
wonder
| if
| > | they just don't know how to detect where it's coming from (machine
name
| or
| > | ip).
| > |
| > | Any tips?
| > |
| > |
| > |
| > | --
| > | Jeff McAhren
| > | Dallas, Texas
| > |
| > |
| > |
| >
|
|
|
