User Account Lockout Troubleshooting
Do any of these symptoms sound familiar?
· A users account keeps getting locked out, even though they haven’t even had to enter their credentials except to maybe unlock their screensaver
· A scheduled task quit working, such as a night backup job
· Services that used to start up at boot up will no longer start even if attempted manually
These are typical symptoms of a recently changed password where other resources are using this same account but are unaware of the recent password change. Things to check to assist in this troubleshooting are:
· Is the account logged onto more than one machine
o A user could have mapped drives to a resource from one machine, on a different machine he changes his password and then the first machine attempts to stay mapped to a drive and the password is no longer correct and eventually locks the user out.
· If a service is running that is attempting to authenticate and has an invalid password, it may attempt multiple times and lockout the account
Also ensure to review any mobile devices that your user might be using. If they have a cell phone/tablet with an embedded password the handheld maybe attempting to authenticate. This error will show up in the event logs and may the hardware may show up as a router or switch.
To help try and track down where the account is getting locked out use eventcombMT.exe from the Account Lockout tools found out Microsoft's website. Use the built in search AccountLockouts. Once the Event logs have been inspected and a new text file has been created, search within this text file for the locked account in question.
You can also set the debug flag on NetLogon to track authentication. "This creates a text file on the PDC that can be examined to determine which clients are generating the bad password attempts."