Dinus1979

Account Lockout


Good morning everyone.
I have a problem that persists and haunts me in my domain!
Many users complain that their account is locked for no reason!
What I did:

 

1. I have enabled Netlogon logging (nltest /dbflag:0x2080ffff)

2. Downloaded the Lockout Status tool
I picked a user account that is locked and started troubleshooting.
This is what is written in the log file:
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain 500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain 500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0x0
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC000006A
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via dc1) Returns 0xC0000234
[LOGON] DOMAIN: SamLogon: Transitive Network logon of Domain500 \ USERNAME from Client01 (via SHAREPOINT) Returns 0xC0000234

 

What the user did:
He changed his password without restarting the workstation.
Where is the problem?
THANK YOU

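Added example, not part of the original posts: a small Python parser for Netlogon.log SamLogon lines of the shape quoted above. It maps the "Returns" value to its NTSTATUS name and counts wrong-password attempts per user, client and "via" host. The function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# NTSTATUS values commonly seen in the "Returns" field of Netlogon.log
NTSTATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000064: "STATUS_NO_SUCH_USER",
    0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

# Tolerates spaces around the backslash, as in the lines pasted in the post.
LINE_RE = re.compile(
    r"SamLogon: (?P<kind>.+?) logon of (?P<domain>.+?)\s*\\\s*(?P<user>\S+)"
    r" from (?P<client>\S+) \(via (?P<via>[^)]+)\) Returns (?P<status>0x[0-9A-Fa-f]+)"
)

def parse(line):
    """Return a dict for one SamLogon result line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    code = int(rec["status"], 16)
    rec["status"] = NTSTATUS.get(code, f"0x{code:08X}")  # unknown codes stay hex
    return rec

def lockout_sources(lines):
    """Count wrong-password results per (user, client, via) and list the
    tuples that returned STATUS_ACCOUNT_LOCKED_OUT, in order of appearance."""
    bad, locked = Counter(), []
    for rec in filter(None, map(parse, lines)):
        key = (rec["user"], rec["client"], rec["via"])
        if rec["status"] == "STATUS_WRONG_PASSWORD":
            bad[key] += 1
        elif rec["status"] == "STATUS_ACCOUNT_LOCKED_OUT" and key not in locked:
            locked.append(key)
    return bad, locked

# Constructed sample in the shape of the log lines quoted in the post
_T = (r"[LOGON] DOMAIN: SamLogon: Transitive Network logon of "
      r"Domain500 \ USERNAME from Client01 (via {}) Returns {}")
SAMPLE = ([_T.format("SHAREPOINT", "0x0")] * 2
          + [_T.format("dc1", "0xC000006A")] * 3
          + [_T.format("dc1", "0xC0000234"), _T.format("SHAREPOINT", "0xC0000234")])

if __name__ == "__main__":
    bad, locked = lockout_sources(SAMPLE)
    for key, count in bad.most_common():
        print(count, "wrong-password results for", key)
    print("locked out:", locked)
```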

I use Netwrix account lockout examiner. Great tool. I now see who locks out their account from which device and go from there.

 

There are so many reasons for lockouts: wireless, Exchange, mapped drives, scheduled tasks, cached passwords, etc. If the source is a workstation, go into Control Panel and have a look at Credential Manager.

 

gives you a start :)



I found that the problem is 70% the Lync client.
In fact, versions 2010 and 2013 keep login credentials cached!
I will do further checks to confirm ... :)
