Results 1 to 3 of 3
Thread: Account lockout
2016-01-14, 07:33 #1
- Join Date
- Jan 2016
- Thanked 0 Times in 0 Posts
Hi People.. I have a problem now for the past 6 months where I cannot locate the source that locks my account. It is definitely not a I used all kind of tools and normally the tools will tell you if its a pc with the pc name. The tool just comes up with a blank source which could indicate to be a mobile device. I am so frustrated not to find this mobile device. I do not want to change my user account as that would change a lot of application and system access.
Hope someone out there have a solution for this. You would really make my year!! Account locks at least every 30 minutes. AD also shows blank area where it normally gives you the pc name where it locks.
I am working on a Domain and this is where it locks.
2016-01-14, 10:35 #2
Here's what it sounds like to me: you have logged in on a device other than your normal device, and since doing that, you have changed your password. The other device, however, is still pinging the network with your previous password. And it doesn't matter if you logged off of the other device or not; if you logged off but never powered down, the other device can still lock your account.
This happened all the time at my previous job.
In fact, not only did other devices lock a user's account, but I have actually seen the PC that the user is currently using lock his account! (I had the MAC address of the offending device, and that's how I knew that it was, in fact, the PC that the user was on at that time.)
If you are connected with an ethernet cable, but you have connected previously via wifi, then your wifi profile may have the old password and may be locking your account. Delete your wifi profile.
If you aren't able to see any identifying information, then one way to deal with it is to try to remember all of the devices you have ever logged in on on this domain, and shut them down or restart them. If you don't use very many other PCs, then this may be a reasonable way to do it.
Last edited by mrjimphelps; 2016-01-14 at 10:38.
2016-01-15, 04:14 #3
- Join Date
- Dec 2009
- Thanked 983 Times in 913 Posts
I assume you have only one domain controller. If you have multiple you need to use LockoutStatus to find the DC where the locking occurs.
On the DC locking the account look in the Event Viewer > Security log for the incorrect user login attempt, just before the lockout event, and read the MAC of the device using the wrong password.
Look up the MAC address in a web search to find the manufacturer - it may be a mobile phone attempting to authenticate to your WiFi.
Locate the device via the usual sneakernet method.